Checks whether the access control list (ACL) of each Application Load Balancer (ALB) instance includes 0.0.0.0/0. If not, the evaluation result is Compliant.
Scenarios
If the ACL of an ALB instance includes 0.0.0.0/0, the ALB instance allows access from all CIDR blocks. This may expose the ALB instance to high security risks. Proceed with caution.
Risk level
Default risk level: high.
When you configure this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
- If the ACL of each ALB instance does not include 0.0.0.0/0, the evaluation result is Compliant.
- If the ACL of an ALB instance includes 0.0.0.0/0, the evaluation result is Incompliant. For more information about how to remediate an incompliant configuration, see Incompliance remediation.
Rule details
| Item | Description |
|---|---|
| Rule name | alb-acl-public-access-check |
| Rule identifier | alb-acl-public-access-check |
| Tag | ALB |
| Automatic remediation | Not supported |
| Trigger type | Configuration change |
| Supported resource type | ALB ACLs |
| Input parameter | None |
Incompliance remediation
Remove 0.0.0.0/0 from the ACL of an ALB instance. For more information, see Access control.