nat-risk-ports-check

更新时间:
复制 MD 格式

Checks whether DNAT entries of NAT Gateway map any specified high-risk ports.

Scenarios

Disable unnecessary ports to reduce network exposure risks.

Risk level

Default risk level: medium.

You can change the risk level when you apply this rule.

Compliance evaluation logic

  • If no specified high-risk ports are mapped in the DNAT entries of NAT Gateway, the rule evaluates as Compliant.
  • If any specified high-risk ports are mapped in the DNAT entries of NAT Gateway, the rule evaluates as Non-compliant. To remediate this, see Non-compliance remediation.

Rule details

Item Description
Rule name nat-risk-ports-check
Rule identifier nat-risk-ports-check
Tag NAT and NatGateway
Automatic remediation Supported
Trigger type Periodic execution
Evaluation frequency Every 24 hours
Supported resource type NAT gateway
Input parameter ports
Note Separate multiple ports with commas (,).

Non-compliance remediation

Modify the port settings of the relevant DNAT entries. For more information, see Create and manage DNAT entries.