Checks whether DNAT entries of NAT Gateway map any specified high-risk ports.
Scenarios
Disable unnecessary ports to reduce network exposure risks.
Risk level
Default risk level: medium.
You can change the risk level when you apply this rule.
Compliance evaluation logic
- If no specified high-risk ports are mapped in the DNAT entries of NAT Gateway, the rule evaluates as Compliant.
- If any specified high-risk ports are mapped in the DNAT entries of NAT Gateway, the rule evaluates as Non-compliant. To remediate this, see Non-compliance remediation.
Rule details
| Item | Description |
| Rule name | nat-risk-ports-check |
| Rule identifier | nat-risk-ports-check |
| Tag | NAT and NatGateway |
| Automatic remediation | Supported |
| Trigger type | Periodic execution |
| Evaluation frequency | Every 24 hours |
| Supported resource type | NAT gateway |
| Input parameter | ports
Note Separate multiple ports with commas (,). |
Non-compliance remediation
Modify the port settings of the relevant DNAT entries. For more information, see Create and manage DNAT entries.
该文章对您有帮助吗?