Ensure Load Balancer isn’t exposed to the internet
Description
This policy checks whether a Load Balancer is exposed to the internet by verifying its network type. Load Balancers should not be exposed to the public internet unnecessarily, since exposure widens the attack surface and invites unauthorized access. A Load Balancer with a public network type can be accessed by anyone, potentially leading to security breaches. Setting the network type to 'PRIVATE' makes the Load Balancer accessible only within the internal network, which reduces the risk of external attacks.
Code Example
```terraform
resource "ncloud_lb" "example" {
  # Keep the load balancer reachable only from the internal network
  network_type = "PRIVATE"
}
```
Remediation
Update the Load Balancer's network type to 'PRIVATE' to restrict access to the internal network.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1219 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | ncloud_lb |
| Checkov ID | CKV_NCP_16 |