Checks whether ApsaraDB RDS instances have Internet access and the whitelist feature enabled. If either is disabled, the result is Compliant.
Scenarios
Disabling Internet access for ApsaraDB RDS instances improves data security, reduces network traffic and loads, meets security compliance requirements, and simplifies network configuration and management.
Risk level
Default risk level: high.
You can change the risk level when you apply this rule.
Compliance evaluation logic
- If the whitelist feature or Internet access is disabled for an ApsaraDB RDS instance, the result is Compliant.
- If both the whitelist feature and Internet access are enabled for an ApsaraDB RDS instance, the result is Non-compliant.
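The evaluation logic above, as an added example that is not Cloud Config's own code. It assumes the JSON shapes of the RDS DescribeDBInstanceNetInfo and DescribeDBInstanceIPArrayList responses, and reads "whitelist feature enabled" as a whitelist entry that admits every source address (for example 0.0.0.0/0), following the any-ip-access part of the rule name; the sample responses are constructed.

```python
import ipaddress

# Constructed sample responses; field names are assumed from the RDS API shapes.
NET_INFO = {"DBInstanceNetInfos": {"DBInstanceNetInfo": [
    {"IPType": "Private", "ConnectionString": "rm-example.internal.example"},
    {"IPType": "Public", "ConnectionString": "rm-example.public.example"},
]}}
IP_ARRAYS = {"Items": {"DBInstanceIPArray": [
    {"DBInstanceIPArrayName": "default", "SecurityIPList": "127.0.0.1"},
    {"DBInstanceIPArrayName": "app", "SecurityIPList": "10.0.0.0/8, 0.0.0.0/0"},
]}}


def public_endpoints(net_info):
    """Return the connection strings of endpoints whose IPType is Public."""
    items = net_info.get("DBInstanceNetInfos", {}).get("DBInstanceNetInfo", [])
    return [i.get("ConnectionString", "") for i in items if i.get("IPType") == "Public"]


def open_whitelist_entries(ip_arrays):
    """Return (group name, entry) pairs that admit every source address."""
    hits = []
    for group in ip_arrays.get("Items", {}).get("DBInstanceIPArray", []):
        for entry in group.get("SecurityIPList", "").split(","):
            entry = entry.strip()
            if not entry:
                continue
            try:
                net = ipaddress.ip_network(entry, strict=False)
            except ValueError:
                continue  # not an IP or CIDR entry; ignored by this check
            if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0
                hits.append((group.get("DBInstanceIPArrayName", ""), entry))
    return hits


def evaluate(net_info, ip_arrays):
    """Non-compliant only when a public endpoint AND an open whitelist coexist."""
    endpoints = public_endpoints(net_info)
    entries = open_whitelist_entries(ip_arrays)
    result = "Non-compliant" if endpoints and entries else "Compliant"
    return {"result": result, "public_endpoints": endpoints, "open_entries": entries}


if __name__ == "__main__":
    print(evaluate(NET_INFO, IP_ARRAYS))
```

The returned dictionary lists the public endpoint and the whitelist group that triggered the finding, which is what a reviewer needs to decide which of the two to remove.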
Rule details
| Item | Description |
| --- | --- |
| Rule name | rds-public-connection-and-any-ip-access-check |
| Rule ID | |
| Tag | RDS and public |
| Automatic remediation | Not supported |
| Trigger type | Configuration change |
| Supported resource type | ApsaraDB RDS instance |
| Input parameter | None |
Non-compliance remediation
Disable the whitelist feature or Internet access for each ApsaraDB RDS instance. Configure an IP address whitelist.