RDS DB Instance Publicly Accessible

Query id: faaefc15-51a5-419e-bb5e-51a4b5ab3485
Query name: RDS DB Instance Publicly Accessible
Platform: Terraform
Severity: Critical
Category: Insecure Configurations
URL: Github

Description¶

The field 'address' should not be set to '0.0.0.0/0'
Documentation

Code samples¶

Code samples with security vulnerabilities¶

Positive test num. 1 - tf file

resource "alicloud_db_instance" "example" {
  engine               = "MySQL"
  engine_version       = "5.6"
  instance_type        = "rds.mysql.s2.large"
  instance_storage     = "30"
  instance_charge_type = "Postpaid"
  instance_name        = var.name
  vswitch_id           = alicloud_vswitch.example.id
  monitoring_period    = "60"
  address              = "0.0.0.0/0"
}

Code samples without security vulnerabilities¶

Negative test num. 1 - tf file

  engine   engine_version   instance_type   instance_storage   instance_charge_type  instance_name   vswitch_id   monitoring_period   address }

Negative test num. 2 - tf file

  engine   engine_version   instance_type   instance_storage   instance_charge_type  instance_name   vswitch_id   monitoring_period }

href="#__codelineno-1-1">resource "alicloud_db_instance" "example" { = "MySQL" = "5.6" = "rds.mysql.s2.large" = "30" class="w"> = "Postpaid" = var.name = alicloud_vswitch.example.id = "60" = "10.23.12.24/24" href="#__codelineno-2-1">resource "alicloud_db_instance" "example" { = "MySQL" = "5.6" = "rds.mysql.s2.large" = "30" class="w"> = "Postpaid" = var.name = alicloud_vswitch.example.id = "60"