
Ensure Tencent Cloud CVM instances do not use the default VPC

Description

This policy checks whether Tencent Cloud CVM instances are using the default VPC. Using the default VPC can pose security risks as it may not be configured with the same level of security as a custom VPC. It is recommended to use a custom VPC for better security and control. By not using the default VPC, users can ensure their instances are isolated and protected according to their specific security requirements.

Code Example

```terraform
# The instance is attached to an explicitly created VPC and subnet,
# so it is never placed in the account's default VPC.
resource "tencentcloud_instance" "example" {
  # availability_zone and image_id are required by the provider; the image
  # ID below is a placeholder, not a real image.
  availability_zone = "ap-guangzhou-3"
  image_id          = "img-PLACEHOLDER"
  vpc_id            = tencentcloud_vpc.example.id
  subnet_id         = tencentcloud_subnet.example.id
}

resource "tencentcloud_vpc" "example" {
  name       = "example-vpc"
  cidr_block = "10.0.0.0/16"
}

resource "tencentcloud_subnet" "example" {
  name              = "example-subnet"
  cidr_block        = "10.0.1.0/24"
  vpc_id            = tencentcloud_vpc.example.id
  availability_zone = "ap-guangzhou-3"
}
```

Remediation

Ensure the CVM instance uses a custom VPC by specifying a custom VPC ID and subnet ID.
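The following is an added example, not Checkov's own implementation of CKV_TC_5 or any code from this page: a small Python check that scans flat Terraform resource blocks and fails every `tencentcloud_instance` that does not set both `vpc_id` and `subnet_id`. It assumes (as the provider documents) that an instance created without these attributes lands in the default network, and it uses a deliberately simplified regex parser for single-level HCL blocks rather than a full HCL parser. The sample configuration, the `bad`/`good` resource names and the `img-PLACEHOLDER` image ID are constructed for the example.

```python
import re
from typing import Dict, List, Tuple

# Simplified HCL parser for flat `resource "type" "name" { k = v ... }` blocks.
# Constructed for this example; it does not handle nested blocks or multi-line values.
RESOURCE_RE = re.compile(r'resource\s+"([^"]+)"\s+"([^"]+)"\s*\{(.*?)\n\}', re.S)
ATTR_RE = re.compile(r'^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.+?)\s*$', re.M)

CHECK_ID = "CKV_TC_5"          # rule ID from the page
TARGET = "tencentcloud_instance"


def parse_resources(hcl: str) -> List[Tuple[str, str, Dict[str, str]]]:
    """Return (type, name, attrs) for every flat resource block in the text."""
    resources = []
    for rtype, name, body in RESOURCE_RE.findall(hcl):
        attrs = {k: v.strip().strip('"') for k, v in ATTR_RE.findall(body)}
        resources.append((rtype, name, attrs))
    return resources


def check_not_default_vpc(attrs: Dict[str, str]) -> str:
    """PASSED only if the instance pins both a VPC and a subnet.

    An instance with neither attribute (or an empty value) is created in the
    account's default network, which is what this rule flags.
    """
    if attrs.get("vpc_id", "") and attrs.get("subnet_id", ""):
        return "PASSED"
    return "FAILED"


def run_check(hcl: str) -> Dict[str, str]:
    """Map 'type.name' -> result for every tencentcloud_instance in the config."""
    return {
        f"{rtype}.{name}": check_not_default_vpc(attrs)
        for rtype, name, attrs in parse_resources(hcl)
        if rtype == TARGET
    }


# Constructed sample: one instance left in the default network, one in a custom VPC.
SAMPLE_HCL = '''
resource "tencentcloud_instance" "bad" {
  instance_name     = "no-vpc"
  availability_zone = "ap-guangzhou-3"
  image_id          = "img-PLACEHOLDER"
}

resource "tencentcloud_instance" "good" {
  instance_name     = "custom-vpc"
  availability_zone = "ap-guangzhou-3"
  image_id          = "img-PLACEHOLDER"
  vpc_id            = tencentcloud_vpc.example.id
  subnet_id         = tencentcloud_subnet.example.id
}

resource "tencentcloud_vpc" "example" {
  name       = "example-vpc"
  cidr_block = "10.0.0.0/16"
}
'''

if __name__ == "__main__":
    for address, result in run_check(SAMPLE_HCL).items():
        print(f"{CHECK_ID} {address}: {result}")
```

Running the block prints one line per instance; only `tencentcloud_instance.bad` fails. The check is intentionally attribute-based: a literal `vpc-…` ID and a reference such as `tencentcloud_vpc.example.id` both pass, because either one pins the instance to a chosen network rather than the default one.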

Rule Details

| Field | Value |
|---|---|
| ID | IAC-1322 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | tencentcloud_instance |
| Checkov ID | CKV_TC_5 |

References