Checks whether each Microservices Engine (MSE) cluster that allows access over the Internet has the authentication feature enabled, or whether the cluster denies access over the Internet. If either condition is met, the evaluation result is Compliant.
Scenarios
This rule applies when you need to access MSE clusters over the Internet. Network security cannot be ensured when you access MSE clusters over the Internet. We recommend that you access MSE clusters over virtual private clouds (VPCs).
Risk level
Default risk level: high.
When you configure this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
- If the authentication feature is enabled for each MSE cluster that allows access over the Internet or each MSE cluster denies access over the Internet, the evaluation result is Compliant.
- If an MSE cluster allows access over the Internet but the authentication feature is not enabled for the cluster, the evaluation result is Incompliant. For more information about how to remediate an incompliant configuration, see Incompliance remediation.
Rule details
Parameter | Value |
---|---|
Rule name | mse-cluster-config-auth-enabled |
Rule identifier | mse-cluster-config-auth-enabled |
Tag | MSE |
Automatic remediation | Not supported |
Trigger type | Configuration change |
Supported resource type | MSE cluster |
Input parameter | No default value |
Incompliance remediation
Disable access over the Internet for an MSE cluster or enable the authentication feature for an MSE cluster that allows access over the Internet. For more information, see Grant permissions to access Nacos instances based on an SDK.