RDS DB Instance Publicly Accessible
- Query id: 1b4565c0-4877-49ac-ab03-adebbccd42ae
- Query name: RDS DB Instance Publicly Accessible
- Platform: Terraform
- Severity: Medium
- Category: Insecure Configurations
- CWE: 668
- URL: Github
Description
'0.0.0.0' or '0.0.0.0/0' should not be in the 'security_ips' list: either entry whitelists every IPv4 source address, so the RDS instance accepts connections from the whole internet rather than only from the intended networks.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
resource "alicloud_db_instance" "default" {
  engine              = "MySQL"
  engine_version      = "5.6"
  db_instance_class   = "rds.mysql.t1.small"
  db_instance_storage = "10"
  security_ips = [
    "0.0.0.0",
    "10.23.12.24/24"
  ]
  parameters = [{
    name  = "innodb_large_prefix"
    value = "ON"
  }, {
    name  = "connect_timeout"
    value = "50"
  }]
}
Positive test num. 2 - tf file
resource "alicloud_db_instance" "default" {
  engine              = "MySQL"
  engine_version      = "5.6"
  db_instance_class   = "rds.mysql.t1.small"
  db_instance_storage = "10"
  security_ips = [
    "0.0.0.0/0",
    "10.23.12.24/24"
  ]
  parameters = [{
    name  = "innodb_large_prefix"
    value = "ON"
  }, {
    name  = "connect_timeout"
    value = "50"
  }]
}
Code samples without security vulnerabilities
Negative test num. 1 - tf file
resource "alicloud_db_instance" "default" {
  engine              = "MySQL"
  engine_version      = "5.6"
  db_instance_class   = "rds.mysql.t1.small"
  db_instance_storage = "10"
  security_ips = [
    "10.23.12.24"
  ]
  parameters = [{
    name  = "innodb_large_prefix"
    value = "ON"
  }, {
    name  = "connect_timeout"
    value = "50"
  }]
}
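The following is an added example, not part of the KICS query or its Rego implementation, showing the check as a small stand-alone Python script run over the three Terraform samples above (embedded inline as constructed input). It goes slightly beyond the query text: besides the literal '0.0.0.0' and '0.0.0.0/0' entries, it also flags any CIDR whose prefix length is 0 (for example '::/0'), since such an entry whitelists every address just as '0.0.0.0/0' does. The simple regex-based HCL parsing is an assumption made for this example and only handles the flat `security_ips = [ ... ]` attribute shape seen on this page.

```python
import ipaddress
import re

# Constructed sample input: the resources from this page, reduced to the relevant attribute.
POSITIVE_1 = '''
resource "alicloud_db_instance" "default" {
  engine       = "MySQL"
  security_ips = [
    "0.0.0.0",
    "10.23.12.24/24"
  ]
}
'''

POSITIVE_2 = '''
resource "alicloud_db_instance" "default" {
  engine       = "MySQL"
  security_ips = [
    "0.0.0.0/0",
    "10.23.12.24/24"
  ]
}
'''

NEGATIVE_1 = '''
resource "alicloud_db_instance" "default" {
  engine       = "MySQL"
  security_ips = [
    "10.23.12.24"
  ]
}
'''

# Minimal HCL extraction (assumption: a single-line-per-entry list of quoted strings).
SECURITY_IPS_RE = re.compile(r'security_ips\s*=\s*\[(.*?)\]', re.DOTALL)
STRING_RE = re.compile(r'"([^"]*)"')


def parse_security_ips(hcl: str) -> list[str]:
    """Return the string entries of the first security_ips list found in the HCL text."""
    match = SECURITY_IPS_RE.search(hcl)
    if not match:
        return []
    return STRING_RE.findall(match.group(1))


def is_open_to_world(entry: str) -> bool:
    """True when the entry admits every source address.

    Alibaba Cloud RDS treats a bare '0.0.0.0' as "any address", so it is matched
    literally; any other entry is parsed as a network and flagged when its prefix
    length is 0 (covers '0.0.0.0/0' and, as a generalization, '::/0').
    """
    entry = entry.strip()
    if entry == "0.0.0.0":
        return True
    try:
        # strict=False accepts host bits set inside the mask, e.g. "10.23.12.24/24".
        network = ipaddress.ip_network(entry, strict=False)
    except ValueError:
        # Not a valid address or CIDR: leave it to other validation, not this check.
        return False
    return network.prefixlen == 0


def find_open_entries(hcl: str) -> list[str]:
    """List the security_ips entries that make the instance reachable from anywhere."""
    return [ip for ip in parse_security_ips(hcl) if is_open_to_world(ip)]


if __name__ == "__main__":
    for label, sample in [("positive 1", POSITIVE_1), ("positive 2", POSITIVE_2), ("negative 1", NEGATIVE_1)]:
        offenders = find_open_entries(sample)
        verdict = "FAIL" if offenders else "PASS"
        print(f"{label}: {verdict} {offenders}")
```

The whitelist on the negative sample contains only a specific host, so nothing is flagged; a '/24' entry is also left alone, since limiting the check to prefix length 0 avoids false positives on legitimately broad but bounded ranges.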