Checks whether the access control list (ACL) of each Application Load Balancer (ALB) instance includes 0.0.0.0/0. If not, the evaluation result is Compliant.
If the ACL of an ALB instance includes 0.0.0.0/0, the ALB instance allows access from all CIDR blocks. This may expose the ALB instance to high security risks. Proceed with caution.
Default risk level: high.
When you configure this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
- If the ACL of each ALB instance does not include 0.0.0.0/0, the evaluation result is Compliant.
- If the ACL of an ALB instance includes 0.0.0.0/0, the evaluation result is Incompliant. For more information about how to remediate an incompliant configuration, see Incompliance remediation.
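The evaluation logic above, as an added example that is not part of the original page or the service's own code: a Python check that reports the rule's literal result for each ACL and, going beyond the rule as documented, whether the IPv4 entries together cover the whole address space (for example two /1 blocks). The ACL IDs and entries are constructed sample data, and `evaluate_acl` and `audit` are hypothetical names.

```python
import ipaddress

ANY_V4 = ipaddress.ip_network("0.0.0.0/0")


def evaluate_acl(entries):
    """Evaluate one ACL given its entries as CIDR strings.

    Returns (rule_result, covers_all_ipv4):
      rule_result      "Incompliant" if 0.0.0.0/0 is an entry, else "Compliant"
                       (the literal check described on this page).
      covers_all_ipv4  True if the IPv4 entries merge into 0.0.0.0/0, which
                       also catches splits such as 0.0.0.0/1 + 128.0.0.0/1
                       (an added check, not part of the documented rule).
    A malformed entry raises ValueError so it is reviewed rather than skipped.
    """
    # strict=False accepts entries written with host bits set, e.g. 10.0.0.1/8
    nets = [ipaddress.ip_network(e.strip(), strict=False) for e in entries]
    # Only IPv4 is considered, because the rule names 0.0.0.0/0 specifically.
    v4 = [n for n in nets if n.version == 4]
    rule_result = "Incompliant" if ANY_V4 in v4 else "Compliant"
    covers_all_ipv4 = ANY_V4 in ipaddress.collapse_addresses(v4)
    return rule_result, covers_all_ipv4


def audit(inventory):
    """Return {acl_id: (rule_result, covers_all_ipv4)} for ACLs needing review."""
    findings = {}
    for acl_id, entries in inventory.items():
        result = evaluate_acl(entries)
        if result != ("Compliant", False):
            findings[acl_id] = result
    return findings


# Constructed sample inventory (ACL IDs and entries are made up for this example).
SAMPLE_INVENTORY = {
    "acl-example-office": ["10.0.0.0/8", "192.168.1.0/24"],
    "acl-example-open": ["10.0.0.0/8", "0.0.0.0/0"],
    "acl-example-split": ["0.0.0.0/1", "128.0.0.0/1"],
}

if __name__ == "__main__":
    for acl_id, (result, covers_all) in audit(SAMPLE_INVENTORY).items():
        print(f"{acl_id}: rule={result} covers_all_ipv4={covers_all}")
```
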
|Automatic remediation|Not supported|
|Trigger type|Configuration change|
|Supported resource type|ALB ACLs|
Incompliance remediation
Remove 0.0.0.0/0 from the ACL of an ALB instance. For more information, see Access control.