Beta - CDB Instance Internet Service Enabled
- Query id: 5d820574-4a60-4916-b049-0810b8629731
- Query name: Beta - CDB Instance Internet Service Enabled
- Platform: Terraform
- Severity: High
- Category: Insecure Configurations
- CWE: 284
- URL: Github
Description¶
CDB (TencentDB for MySQL) instances should have the public internet service disabled
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
# Looks up availability zones that offer the "cdb" product (Tencent Cloud's
# MySQL offering); the first zone returned is reused by the subnet and the
# instance below.
data "tencentcloud_availability_zones_by_product" "zones" {
product = "cdb"
}
# Private network that hosts the MySQL subnet; the instance's intranet endpoint
# lives inside this address space.
resource "tencentcloud_vpc" "vpc" {
name = "vpc-mysql"
cidr_block = "10.0.0.0/16"
}
# Subnet the instance is placed in. It spans the VPC's entire /16, so every
# address in the VPC belongs to this one subnet.
resource "tencentcloud_subnet" "subnet" {
# Same zone as the instance (first zone from the data source above).
availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
name = "subnet-mysql"
vpc_id = tencentcloud_vpc.vpc.id
cidr_block = "10.0.0.0/16"
is_multicast = false
}
# Security group attached to the instance. No rules are declared for it in this
# sample, so it says nothing about which sources may reach port 3306.
resource "tencentcloud_security_group" "security_group" {
name = "sg-mysql"
description = "mysql test"
}
# Positive case for this query: the instance explicitly turns on the public
# internet endpoint, so the database is reachable from outside its VPC.
resource "tencentcloud_mysql_instance" "example" {
# This is the attribute the query flags. 1 enables the public endpoint;
# setting it to 0 or omitting it (see the negative samples) passes the check.
internet_service = 1
engine_version = "5.7"
charge_type = "POSTPAID"
# 0 = single-zone standby per the provider docs (not shown on this page) - verify.
slave_deploy_mode = 0
availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
# 1 = semi-synchronous replication per the provider docs - verify.
slave_sync_mode = 1
instance_name = "tf-example-mysql"
mem_size = 4000
volume_size = 200
vpc_id = tencentcloud_vpc.vpc.id
subnet_id = tencentcloud_subnet.subnet.id
# Port used on the private (intranet) endpoint inside the VPC.
intranet_port = 3306
# Group defined above; it carries no rules in this sample.
security_groups = [tencentcloud_security_group.security_group.id]
tags = {
name = "test"
}
parameters = {
character_set_server = "utf8"
max_connections = "1000"
}
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
# Looks up availability zones that offer the "cdb" product (Tencent Cloud's
# MySQL offering); the first zone returned is reused by the subnet and the
# instance below.
data "tencentcloud_availability_zones_by_product" "zones" {
product = "cdb"
}
# Private network that hosts the MySQL subnet; the instance's intranet endpoint
# lives inside this address space.
resource "tencentcloud_vpc" "vpc" {
name = "vpc-mysql"
cidr_block = "10.0.0.0/16"
}
# Subnet the instance is placed in. It spans the VPC's entire /16, so every
# address in the VPC belongs to this one subnet.
resource "tencentcloud_subnet" "subnet" {
# Same zone as the instance (first zone from the data source above).
availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
name = "subnet-mysql"
vpc_id = tencentcloud_vpc.vpc.id
cidr_block = "10.0.0.0/16"
is_multicast = false
}
# Security group attached to the instance. No rules are declared for it in this
# sample, so it says nothing about which sources may reach port 3306.
resource "tencentcloud_security_group" "security_group" {
name = "sg-mysql"
description = "mysql test"
}
# Negative case for this query: internet_service is not set at all, so the
# instance is only reachable through its intranet endpoint in the VPC.
# The query accepts the absent attribute; the second negative sample shows the
# explicit `internet_service = 0` form. Confirm the provider's default for the
# attribute before relying on omission in real configurations.
resource "tencentcloud_mysql_instance" "example" {
engine_version = "5.7"
charge_type = "POSTPAID"
# 0 = single-zone standby per the provider docs (not shown on this page) - verify.
slave_deploy_mode = 0
availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
# 1 = semi-synchronous replication per the provider docs - verify.
slave_sync_mode = 1
instance_name = "tf-example-mysql"
mem_size = 4000
volume_size = 200
vpc_id = tencentcloud_vpc.vpc.id
subnet_id = tencentcloud_subnet.subnet.id
# Port used on the private (intranet) endpoint inside the VPC.
intranet_port = 3306
# Group defined above; it carries no rules in this sample.
security_groups = [tencentcloud_security_group.security_group.id]
tags = {
name = "test"
}
parameters = {
character_set_server = "utf8"
max_connections = "1000"
}
}
Negative test num. 2 - tf file
# Looks up availability zones that offer the "cdb" product (Tencent Cloud's
# MySQL offering); the first zone returned is reused by the subnet and the
# instance below.
data "tencentcloud_availability_zones_by_product" "zones" {
product = "cdb"
}
# Private network that hosts the MySQL subnet; the instance's intranet endpoint
# lives inside this address space.
resource "tencentcloud_vpc" "vpc" {
name = "vpc-mysql"
cidr_block = "10.0.0.0/16"
}
# Subnet the instance is placed in. It spans the VPC's entire /16, so every
# address in the VPC belongs to this one subnet.
resource "tencentcloud_subnet" "subnet" {
# Same zone as the instance (first zone from the data source above).
availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
name = "subnet-mysql"
vpc_id = tencentcloud_vpc.vpc.id
cidr_block = "10.0.0.0/16"
is_multicast = false
}
# Security group attached to the instance. No rules are declared for it in this
# sample, so it says nothing about which sources may reach port 3306.
resource "tencentcloud_security_group" "security_group" {
name = "sg-mysql"
description = "mysql test"
}
# Negative case for this query: the public internet endpoint is explicitly
# disabled, so the instance is reachable only through its intranet endpoint
# inside the VPC. This explicit form is preferable to omitting the attribute,
# because it does not depend on the provider default.
resource "tencentcloud_mysql_instance" "example" {
# 0 disables the public endpoint; 1 (the positive sample) is what the query flags.
internet_service = 0
engine_version = "5.7"
charge_type = "POSTPAID"
# 0 = single-zone standby per the provider docs (not shown on this page) - verify.
slave_deploy_mode = 0
availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
# 1 = semi-synchronous replication per the provider docs - verify.
slave_sync_mode = 1
instance_name = "tf-example-mysql"
mem_size = 4000
volume_size = 200
vpc_id = tencentcloud_vpc.vpc.id
subnet_id = tencentcloud_subnet.subnet.id
# Port used on the private (intranet) endpoint inside the VPC.
intranet_port = 3306
# Group defined above; it carries no rules in this sample.
security_groups = [tencentcloud_security_group.security_group.id]
tags = {
name = "test"
}
parameters = {
character_set_server = "utf8"
max_connections = "1000"
}
}