
Alibaba Cloud MongoDB instance is public

Description

This policy ensures that MongoDB instances in Alibaba Cloud are not publicly accessible. Exposing a MongoDB instance to the public internet can lead to unauthorized access and data breaches. Restricting access to specific IP addresses limits who can connect to the database and helps protect it from attacks.

Failing to restrict access to MongoDB instances can result in sensitive data being exposed to the public, with a higher risk of being compromised.

Code Example

```diff
resource "alicloud_mongodb_instance" "example" {
  ...
-  security_ip_list = ["0.0.0.0/0"]
+  security_ip_list = ["192.168.1.1", "192.168.1.2"]
}
```

Remediation

Terraform

  • Resource: alicloud_mongodb_instance
  • Attribute: security_ip_list

To mitigate this issue, ensure that the `security_ip_list` attribute in the `alicloud_mongodb_instance` resource does not include `0.0.0.0` or `0.0.0.0/0`.

Example:
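
The check below is an added example, not part of the original page and not Checkov's implementation of CKV_ALI_43. It scans the JSON produced by `terraform show -json <planfile>` for `alicloud_mongodb_instance` resources whose `security_ip_list` contains `0.0.0.0` or `0.0.0.0/0`, and as a generalization also flags any other zero-length prefix. The plan content, resource names and module name are constructed for illustration.

```python
import ipaddress
import json

RESOURCE_TYPE = "alicloud_mongodb_instance"

# Constructed sample, shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "alicloud_mongodb_instance.open", "type": "alicloud_mongodb_instance",
     "values": {"security_ip_list": ["0.0.0.0/0", "192.168.1.1"]}},
    {"address": "alicloud_mongodb_instance.restricted", "type": "alicloud_mongodb_instance",
     "values": {"security_ip_list": ["192.168.1.1", "192.168.1.2"]}}],
  "child_modules": [{"address": "module.db", "resources": [
    {"address": "module.db.alicloud_mongodb_instance.legacy", "type": "alicloud_mongodb_instance",
     "values": {"security_ip_list": ["0.0.0.0"]}}]}]}}}
""")

def is_open_entry(entry):
    """True for 0.0.0.0, 0.0.0.0/0, or any other zero-length prefix."""
    try:
        net = ipaddress.ip_network(str(entry).strip(), strict=False)
    except ValueError:
        return False  # not an IP or CIDR; outside the scope of this check
    return net.prefixlen == 0 or (net.num_addresses == 1 and net.network_address.is_unspecified)

def iter_resources(module):
    """Yield resources from a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def find_public_instances(plan):
    """Map resource address -> offending security_ip_list entries."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = {}
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        # An unknown or unset list appears as null/absent in the plan.
        entries = res.get("values", {}).get("security_ip_list") or []
        bad = sorted(e for e in entries if is_open_entry(e))
        if bad:
            findings[res["address"]] = bad
    return findings

if __name__ == "__main__":
    for address, bad in find_public_instances(SAMPLE_PLAN).items():
        print(f"FAIL {address}: security_ip_list contains {bad}")
```

Because it walks `child_modules`, the check also catches instances declared inside modules, which a scan of only the root configuration would miss.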

Rule Details

| Field | Value |
| --- | --- |
| ID | IAC-0040 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_ALI_43 |
