Public access is disabled for all PolarDB cluster endpoints

更新时间:
复制 MD 格式

This rule checks whether public network access is disabled for all endpoints of a PolarDB cluster.

Scenarios

Public network access to a PolarDB cluster poses security risks. We recommend that you use a virtual private cloud (VPC) instead.

Risk level

Default risk level: High.

You can change the risk level as needed.

Detection logic

  • A PolarDB cluster is considered compliant if public network access is disabled for all its endpoints.

  • If public network access is enabled for any endpoint, the cluster is considered non-compliant. For more information about how to resolve this issue, see Remediation.

Rule details

Parameter

Description

Rule name

Public access is disabled for all PolarDB cluster endpoints

Rule identifier

polardb-cluster-address-no-public

Tag

PolarDB

Auto-correction

Not supported

How rules are triggered

Periodic

Trigger frequency

24 hours

Supported resource types

PolarDB cluster

Input parameters

None

Remediation

Disable public network access for all endpoints of the PolarDB cluster. For more information, see Endpoints (primary endpoint, cluster endpoint, and custom endpoint).