IBM Cloud Application Load Balancer for VPC has public access enabled in Terraform
Description
This policy detects whether a Virtual Private Cloud (VPC) load balancer has public access disabled, which helps mitigate the risk of unauthorized external access. Publicly accessible load balancers can potentially expose the VPC to external threats and malicious traffic. By ensuring the load balancer is private, access is restricted to internal network traffic, reducing the surface area for potential attacks and enhancing overall security within the VPC.
Code Example
resource "ibm_is_lb" "example" {
...
+ type = "private"
}Remediation
Terraform
- Resource: ibm_is_lb
- Arguments: type
Ensure all `ibm_is_lb` resources are configured with the `type` parameter set to `private`, preventing public access.
In this example, the `type` attribute is set to `private` in the `ibm_is_lb` resource to make the load balancer accessible only within the VPC. This configuration ensures that the load balancer is private.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1073 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV2_IBM_1 |