Evaluates whether each Server Load Balancer (SLB) instance has an IP address whitelist configured and that the whitelist does not include 0.0.0.0/0.
Scenario
Adding 0.0.0.0/0 to the IP address whitelist of an SLB instance allows access from all CIDR blocks, exposing your workloads to the public Internet and increasing the risk of malicious attacks. Do not add 0.0.0.0/0 to the IP address whitelist.
Risk level
Default risk level: high.
You can change the risk level when you apply this rule.
Compliance evaluation logic
- If an IP address whitelist is configured for an SLB instance and 0.0.0.0/0 is not in the whitelist, the evaluation result is compliant.
- If an IP address whitelist is configured for an SLB instance but 0.0.0.0/0 is in the whitelist, the evaluation result is non-compliant. To correct this configuration, see Non-compliance remediation.
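
The evaluation logic above, as an added Python example that is not Cloud Config's own code. The ACL names and entries are constructed sample data, and the second check (entries that merge to the whole IPv4 space, such as two /1 blocks) goes beyond the rule as documented here.

```python
import ipaddress

ALL_IPV4 = ipaddress.ip_network("0.0.0.0/0")


def evaluate_acl(entries):
    """Return (result, reason) for one whitelist given as CIDR strings."""
    nets = []
    for entry in entries:
        # strict=False normalises entries with host bits set (1.2.3.4/0 -> 0.0.0.0/0).
        net = ipaddress.ip_network(entry.strip(), strict=False)
        if net.version == 4:
            nets.append(net)

    # Documented condition: 0.0.0.0/0 is in the whitelist.
    if ALL_IPV4 in nets:
        return ("non-compliant", "0.0.0.0/0 is in the whitelist")

    # Extension (assumption, not part of the documented rule): several entries
    # that together merge into 0.0.0.0/0 give the same exposure.
    if ALL_IPV4 in ipaddress.collapse_addresses(nets):
        return ("non-compliant", "entries together cover 0.0.0.0/0")

    return ("compliant", "0.0.0.0/0 is not in the whitelist")


# Constructed sample whitelists; the ACL names are hypothetical.
SAMPLE_ACLS = {
    "acl-constructed-1": ["10.0.0.0/8", "192.168.1.0/24"],
    "acl-constructed-2": ["10.0.0.0/8", "0.0.0.0/0"],
    "acl-constructed-3": ["0.0.0.0/1", "128.0.0.0/1"],
    "acl-constructed-4": ["203.0.113.7/0"],
}


def evaluate_all(acls):
    """Evaluate every whitelist and return {acl_name: (result, reason)}."""
    return {name: evaluate_acl(entries) for name, entries in acls.items()}


if __name__ == "__main__":
    for name, (result, reason) in evaluate_all(SAMPLE_ACLS).items():
        print(f"{name}: {result} ({reason})")
```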
Rule details
| Item | Description |
| --- | --- |
| Rule name | slb-acl-public-access-check |
| Rule ID | slb-acl-public-access-check |
| Tag | SLB and VPC |
| Automatic remediation | Not supported |
| Trigger type | Configuration change |
| Supported resource type | Access control list |
| Input parameter | None |
Non-compliance remediation
Remove 0.0.0.0/0 from the IP address whitelist. For more information, see Delete IP entries.