Ensure public IP is not assigned to database cluster.
Description
This policy checks whether a public IP is assigned to a database cluster. Assigning a public IP to a database cluster can expose it to the internet, increasing the risk of unauthorized access and data breaches. It's essential to restrict access to the database cluster to only trusted sources. By not assigning a public IP, the cluster is only accessible within the internal network, reducing the attack surface.
Code Example
```terraform
resource "yandex_mdb_postgresql_cluster" "example" {
  # assign_public_ip is set per host; false keeps the host off the public internet
  host {
    assign_public_ip = false
  }
}
```
Remediation
Ensure the database cluster does not have a public IP assigned.
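An added example, not part of the original rule page or Checkov's code: one way to enforce this rule in CI against the output of `terraform show -json`, flagging every `assign_public_ip` that resolves to true on the resource types listed under Rule Details. The sample plan, resource names and function names are constructed for illustration; the check searches the whole resource so it does not depend on which block carries the attribute.

```python
import json

# Resource types covered by the rule, taken from the Rule Details table.
MDB_TYPES = {
    "yandex_mdb_clickhouse_cluster", "yandex_mdb_elasticsearch_cluster",
    "yandex_mdb_greenplum_cluster", "yandex_mdb_kafka_cluster",
    "yandex_mdb_mongodb_cluster", "yandex_mdb_mysql_cluster",
    "yandex_mdb_postgresql_cluster", "yandex_mdb_sqlserver_cluster",
}

def public_ip_paths(node, path=""):
    """Yield the path of every assign_public_ip set to true under node."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            if key == "assign_public_ip" and value is True:
                yield child
            else:
                yield from public_ip_paths(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from public_ip_paths(item, f"{path}[{i}]")

def walk_modules(module):
    """Yield resources from a module and all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk_modules(child)

def find_public_clusters(plan):
    """Return (resource address, attribute path) for each violation."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return [(res["address"], p)
            for res in walk_modules(root)
            if res.get("type") in MDB_TYPES
            for p in public_ip_paths(res.get("values", {}))]

# Constructed sample plan (not real output), trimmed to the fields used.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [{"address": "yandex_mdb_postgresql_cluster.example",
    "type": "yandex_mdb_postgresql_cluster",
    "values": {"host": [{"assign_public_ip": false}, {"assign_public_ip": true}]}}],
  "child_modules": [{"resources": [{"address": "module.db.yandex_mdb_kafka_cluster.events",
    "type": "yandex_mdb_kafka_cluster",
    "values": {"config": [{"assign_public_ip": true}]}}]}]}}}
""")

if __name__ == "__main__":
    print(find_public_clusters(SAMPLE_PLAN))
```

Because the plan JSON holds resolved values, this also catches a public IP enabled through a variable or a module default rather than a literal in the resource block.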
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1345 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | yandex_mdb_clickhouse_cluster, yandex_mdb_elasticsearch_cluster, yandex_mdb_greenplum_cluster, yandex_mdb_kafka_cluster, yandex_mdb_mongodb_cluster, yandex_mdb_mysql_cluster, yandex_mdb_postgresql_cluster, yandex_mdb_sqlserver_cluster |
| Checkov ID | CKV_YC_12 |