
Alibaba Cloud database instance accessible to public

Description

Public database instances are vulnerable, as attackers can use a variety of techniques to gain unauthorized access to public databases, such as SQL injection attacks, brute-force attacks, or exploiting misconfigurations or vulnerabilities in the database software. To prevent this risk, make the database instance private by restricting access to only authorized users.

Code Example

resource "alicloud_db_instance" "example" {
  ...
  security_ips = [
-    "0.0.0.0/0"
+    "10.0.0.0/16"
  ]
}
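
Review bot: on the `+` line, "10.0.0.0/16" still admits 65,536 addresses to the instance. If only a handful of application hosts or a single subnet need the database, list those narrower CIDR blocks in `security_ips` instead, which matches the remediation's wording of a restricted range of authorized IP addresses.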

Remediation

Terraform

To mitigate this issue, ensure the `security_ips` parameter in the `alicloud_db_instance` resource does not include "0.0.0.0" or "0.0.0.0/0". Specify a restricted range of IP addresses that are authorized to access the database.

Example:

Rule Details

| Field | Value |
| --- | --- |
| ID | IAC-0009 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_ALI_9 |
