RDS DB Instance Publicly Accessible

  • Query id: faaefc15-51a5-419e-bb5e-51a4b5ab3485
  • Query name: RDS DB Instance Publicly Accessible
  • Platform: Terraform
  • Severity: High
  • Category: Insecure Configurations
  • URL: Github

Description

The field 'address' should not be set to '0.0.0.0/0'
Documentation

Code samples

Code samples with security vulnerabilities

Postitive test num. 1 - tf file
resource "alicloud_db_instance" "example" {
  engine               = "MySQL"
  engine_version       = "5.6"
  instance_type        = "rds.mysql.s2.large"
  instance_storage     = "30"
  instance_charge_type = "Postpaid"
  instance_name        = var.name
  vswitch_id           = alicloud_vswitch.example.id
  monitoring_period    = "60"
  address              = "0.0.0.0/0"
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "alicloud_db_instance" "example" {
  engine               = "MySQL"
  engine_version       = "5.6"
  instance_type        = "rds.mysql.s2.large"
  instance_storage     = "30"
  instance_charge_type = "Postpaid"
  instance_name        = var.name
  vswitch_id           = alicloud_vswitch.example.id
  monitoring_period    = "60"
  address              = "10.23.12.24/24"
}
Negative test num. 2 - tf file
resource "alicloud_db_instance" "example" {
  engine               = "MySQL"
  engine_version       = "5.6"
  instance_type        = "rds.mysql.s2.large"
  instance_storage     = "30"
  instance_charge_type = "Postpaid"
  instance_name        = var.name
  vswitch_id           = alicloud_vswitch.example.id
  monitoring_period    = "60"
}