Beta - CVM Instance Disable Monitor Service
- Query id: 966ed4f7-b8a5-4e8d-b2bf-098657c98960
- Query name: Beta - CVM Instance Disable Monitor Service
- Platform: Terraform
- Severity: Info
- Category: Observability
- CWE: 778
- URL: Github
Description¶
CVM Instance should have detailed monitor service enabled.
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "tencentcloud_instance" "cvm_postpaid" {
instance_name = "cvm_postpaid"
availability_zone = "ap-guangzhou-7"
image_id = "img-9qrfy1xt"
instance_type = "POSTPAID_BY_HOUR"
system_disk_type = "CLOUD_PREMIUM"
system_disk_size = 50
hostname = "root"
project_id = 0
vpc_id = "vpc-axrsmmrv"
subnet_id = "subnet-861wd75e"
internet_max_bandwidth_out = 100
disable_monitor_service = true
data_disks {
data_disk_type = "CLOUD_PREMIUM"
data_disk_size = 50
encrypt = false
}
tags = {
tagKey = "tagValue"
}
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "tencentcloud_instance" "cvm_postpaid" {
instance_name = "cvm_postpaid"
availability_zone = "ap-guangzhou-7"
image_id = "img-9qrfy1xt"
instance_type = "POSTPAID_BY_HOUR"
system_disk_type = "CLOUD_PREMIUM"
system_disk_size = 50
hostname = "root"
project_id = 0
vpc_id = "vpc-axrsmmrv"
subnet_id = "subnet-861wd75e"
data_disks {
data_disk_type = "CLOUD_PREMIUM"
data_disk_size = 50
encrypt = false
}
tags = {
tagKey = "tagValue"
}
}
Negative test num. 2 - tf file
resource "tencentcloud_instance" "cvm_postpaid" {
instance_name = "cvm_postpaid"
availability_zone = "ap-guangzhou-7"
image_id = "img-9qrfy1xt"
instance_type = "POSTPAID_BY_HOUR"
system_disk_type = "CLOUD_PREMIUM"
system_disk_size = 50
hostname = "root"
project_id = 0
vpc_id = "vpc-axrsmmrv"
subnet_id = "subnet-861wd75e"
disable_monitor_service = false
data_disks {
data_disk_type = "CLOUD_PREMIUM"
data_disk_size = 50
encrypt = false
}
tags = {
tagKey = "tagValue"
}
}