Ensure security group is assigned to database cluster.
Description
This policy checks whether a security group is assigned to a database cluster. A security group controls and manages network access to the cluster. Without one, the cluster may be exposed to unauthorized access, potentially leading to data breaches or other security threats.
Code Example
```terraform
resource "yandex_mdb_postgresql_cluster" "example" {
  name               = "example"
  environment        = "PRODUCTION"
  network_id         = yandex_vpc_network.example.id
  security_group_ids = [yandex_vpc_security_group.example.id]
}
```
Remediation
Assign a security group to the database cluster by setting the 'security_group_ids' attribute.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1334 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | yandex_mdb_clickhouse_cluster, yandex_mdb_elasticsearch_cluster, yandex_mdb_greenplum_cluster, yandex_mdb_kafka_cluster, yandex_mdb_mongodb_cluster, yandex_mdb_mysql_cluster, yandex_mdb_postgresql_cluster, yandex_mdb_redis_cluster, yandex_mdb_sqlserver_cluster |
| Checkov ID | CKV_YC_1 |
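
A plan-time version of this check, as an added example (not Checkov's own rule code): it reads the `resource_changes` section of `terraform show -json <planfile>` output and reports clusters of the resource types listed above whose `security_group_ids` is empty or missing. The function name, sample plan, and resource addresses are constructed for illustration.

```python
import json

# Resource types this rule applies to (from the Rule Details table).
CLUSTER_TYPES = {
    f"yandex_mdb_{engine}_cluster"
    for engine in ("clickhouse", "elasticsearch", "greenplum", "kafka", "mongodb",
                   "mysql", "postgresql", "redis", "sqlserver")
}

# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "yandex_mdb_postgresql_cluster.ok", "type": "yandex_mdb_postgresql_cluster",
   "change": {"actions": ["create"], "after": {"name": "ok"},
              "after_unknown": {"security_group_ids": true}}},
  {"address": "yandex_mdb_redis_cluster.cache", "type": "yandex_mdb_redis_cluster",
   "change": {"actions": ["create"], "after": {"security_group_ids": []}, "after_unknown": {}}},
  {"address": "module.db.yandex_mdb_mysql_cluster.main", "type": "yandex_mdb_mysql_cluster",
   "change": {"actions": ["update"], "after": {"security_group_ids": ["sg-constructed-id"]},
              "after_unknown": {}}},
  {"address": "yandex_mdb_kafka_cluster.old", "type": "yandex_mdb_kafka_cluster",
   "change": {"actions": ["delete"], "after": null, "after_unknown": {}}},
  {"address": "yandex_vpc_network.example", "type": "yandex_vpc_network",
   "change": {"actions": ["create"], "after": {"name": "example"}, "after_unknown": {}}}
]}
""")

def clusters_without_security_group(plan):
    """Return addresses of planned database clusters with no security group."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") not in CLUSTER_TYPES:
            continue
        change = rc.get("change") or {}
        if change.get("actions") == ["delete"]:
            continue  # cluster is being destroyed, nothing to protect
        after = change.get("after") or {}
        unknown = change.get("after_unknown") or {}
        # A group created in the same apply has no ID yet: the attribute is
        # absent from "after" and marked in "after_unknown" instead.
        if after.get("security_group_ids") or unknown.get("security_group_ids"):
            continue
        findings.append(rc["address"])
    return sorted(findings)

if __name__ == "__main__":
    for address in clusters_without_security_group(SAMPLE_PLAN):
        print(f"FAIL CKV_YC_1 {address}: security_group_ids is not set")
```
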