RDS DB Instance Publicly Accessible
- Query id: faaefc15-51a5-419e-bb5e-51a4b5ab3485
- Query name: RDS DB Instance Publicly Accessible
- Platform: Terraform
- Severity: High
- Category: Insecure Configurations
- URL: Github
Description
The field 'address' should not be set to '0.0.0.0/0'
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
```hcl
resource "alicloud_db_instance" "example" {
  engine               = "MySQL"
  engine_version       = "5.6"
  instance_type        = "rds.mysql.s2.large"
  instance_storage     = "30"
  instance_charge_type = "Postpaid"
  instance_name        = var.name
  vswitch_id           = alicloud_vswitch.example.id
  monitoring_period    = "60"
  address              = "0.0.0.0/0"
}
```
Code samples without security vulnerabilities
Negative test num. 1 - tf file
```hcl
resource "alicloud_db_instance" "example" {
  engine               = "MySQL"
  engine_version       = "5.6"
  instance_type        = "rds.mysql.s2.large"
  instance_storage     = "30"
  instance_charge_type = "Postpaid"
  instance_name        = var.name
  vswitch_id           = alicloud_vswitch.example.id
  monitoring_period    = "60"
  address              = "10.23.12.24/24"
}
```
Negative test num. 2 - tf file
```hcl
resource "alicloud_db_instance" "example" {
  engine               = "MySQL"
  engine_version       = "5.6"
  instance_type        = "rds.mysql.s2.large"
  instance_storage     = "30"
  instance_charge_type = "Postpaid"
  instance_name        = var.name
  vswitch_id           = alicloud_vswitch.example.id
  monitoring_period    = "60"
}
```
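A standalone check for the condition this query describes, added here as an example (it is not the query's own implementation or code from the project). It goes slightly beyond the literal '0.0.0.0/0' by flagging any zero-length prefix such as '::/0'; the function names and the trimmed sample input are constructed, and variables or expressions in `address` are not resolved.

```python
import ipaddress
import re

RESOURCE_RE = re.compile(r'resource\s+"alicloud_db_instance"\s+"([^"]+)"\s*\{')
ADDRESS_RE = re.compile(r'^\s*address\s*=\s*"([^"]*)"', re.MULTILINE)

def block_body(text, start):
    """Return the text from `start` (just after '{') up to the matching '}'."""
    depth = 1
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start:i]
    return text[start:]  # unterminated block: scan what is there

def is_open_to_world(value):
    """True when the CIDR has a zero-length prefix (0.0.0.0/0 or ::/0)."""
    try:
        return ipaddress.ip_network(value, strict=False).prefixlen == 0
    except ValueError:
        return False  # not a literal CIDR, e.g. an unresolved expression

def find_public_instances(tf_source):
    """Return [(resource_name, address)] for instances open to any source."""
    findings = []
    for m in RESOURCE_RE.finditer(tf_source):
        body = block_body(tf_source, m.end())
        for addr in ADDRESS_RE.findall(body):
            if is_open_to_world(addr):
                findings.append((m.group(1), addr))
    return findings

# Constructed input modelled on the three samples above (trimmed).
SAMPLE = '''
resource "alicloud_db_instance" "open" {
  address = "0.0.0.0/0"
}
resource "alicloud_db_instance" "scoped" {
  address = "10.23.12.24/24"
}
resource "alicloud_db_instance" "unset" {
  engine = "MySQL"
}
'''

if __name__ == "__main__":
    print(find_public_instances(SAMPLE))
```

The brace matching does not account for braces inside string literals, so treat it as a quick pre-commit style check rather than a full HCL parser.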