This rule checks whether public network access is disabled for all endpoints of a PolarDB cluster.
Scenarios
Public network access to a PolarDB cluster poses security risks. We recommend that you use a virtual private cloud (VPC) instead.
Risk level
Default risk level: High.
You can change the risk level as needed.
Detection logic
-
A PolarDB cluster is considered compliant if public network access is disabled for all its endpoints.
-
If public network access is enabled for any endpoint, the cluster is considered non-compliant. For more information about how to resolve this issue, see Remediation.
Rule details
|
Parameter |
Description |
|
Rule name |
Public access is disabled for all PolarDB cluster endpoints |
|
Rule identifier |
polardb-cluster-address-no-public |
|
Tag |
PolarDB |
|
Auto-correction |
Not supported |
|
How rules are triggered |
Periodic |
|
Trigger frequency |
24 hours |
|
Supported resource types |
PolarDB cluster |
|
Input parameters |
None |
Remediation
Disable public network access for all endpoints of the PolarDB cluster. For more information, see Endpoints (primary endpoint, cluster endpoint, and custom endpoint).