Ensure OCI Data Catalog is configured without overly permissive network access
Description
This policy checks whether an OCI Data Catalog is configured with overly permissive network access by verifying the presence and configuration of attached private endpoints. It is essential to restrict access to the Data Catalog to prevent unauthorized data exposure. The check ensures that at least one private endpoint is attached to the Data Catalog, indicating that access is restricted. By passing this check, you can help protect your data from potential security breaches.
Code Example
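```terraform
resource "oci_datacatalog_catalog" "example" {
  # Required by the provider; var.compartment_id is a placeholder.
  compartment_id = var.compartment_id

  # At least one private endpoint must be attached for the check to pass.
  attached_catalog_private_endpoints = [
    oci_datacatalog_catalog_private_endpoint.test.id,
  ]
}
```
Remediation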
Attach a private endpoint to the Data Catalog to restrict access.
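The same condition can also be evaluated against a saved plan, shown here as an added example that is not this rule's or Checkov's own implementation. It assumes the plan is in the format produced by `terraform show -json <planfile>` and that `attached_catalog_private_endpoints` appears there as a list of endpoint OCIDs; the function names and the sample plan are constructed for illustration.

```python
RESOURCE_TYPE = "oci_datacatalog_catalog"
ATTR = "attached_catalog_private_endpoints"


def _has_unknown(value):
    """True if an after_unknown fragment marks any leaf as known only after apply."""
    if isinstance(value, list):
        return any(_has_unknown(v) for v in value)
    return value is True


def catalogs_without_private_endpoint(plan):
    """Return addresses of planned Data Catalogs with no private endpoint attached."""
    failing = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != RESOURCE_TYPE:
            continue
        change = rc.get("change") or {}
        after = change.get("after")
        if after is None:  # resource is being destroyed; nothing to evaluate
            continue
        known = [ocid for ocid in (after.get(ATTR) or []) if ocid]
        # An endpoint created in the same plan has no OCID yet: Terraform lists it
        # under after_unknown instead of after, so count that as attached.
        pending = _has_unknown((change.get("after_unknown") or {}).get(ATTR))
        if not known and not pending:
            failing.append(rc["address"])
    return failing


def _rc(address, after, after_unknown=None, rtype=RESOURCE_TYPE):
    """Build one constructed resource_changes entry."""
    return {"address": address, "type": rtype,
            "change": {"after": after, "after_unknown": after_unknown or {}}}


# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"resource_changes": [
    _rc("oci_datacatalog_catalog.no_attr", {"display_name": "a"}),
    _rc("oci_datacatalog_catalog.empty", {ATTR: []}),
    _rc("oci_datacatalog_catalog.pinned", {ATTR: ["ocid1.example.constructed"]}),
    _rc("oci_datacatalog_catalog.same_plan", {ATTR: [None]}, {ATTR: [True]}),
    _rc("module.old.oci_datacatalog_catalog.gone", None),
    _rc("oci_core_vcn.net", {"cidr_block": "10.0.0.0/16"}, rtype="oci_core_vcn"),
]}

if __name__ == "__main__":
    for address in catalogs_without_private_endpoint(SAMPLE_PLAN):
        print(f"FAIL {address}: no private endpoint attached")
```

Reading `resource_changes` rather than `planned_values` keeps module-nested catalogs in one flat list and exposes `after_unknown`, which avoids false failures when the endpoint and the catalog are created together.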
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1250 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | oci_datacatalog_catalog |
| Checkov ID | CKV_OCI_23 |