Checks whether the specified high-risk ports are mapped by using the DNAT entries of NAT Gateway.
You can disable unnecessary ports to prevent the system from being exposed to network risks.
Default risk level: medium.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
- If the specified high-risk ports are not mapped by using the DNAT entries of NAT Gateway, the evaluation result of the rule is Compliant.
- If any of the specified high-risk ports is mapped by using the DNAT entries of NAT Gateway, the evaluation result of the rule is Non-compliant. For more information about how to remediate a non-compliant configuration, see Non-compliance remediation.
|NAT and NatGateway
|Every 24 hours
|Supported resource type
Note: Separate multiple ports with commas (,).
Modify the port settings of the relevant DNAT entries. For more information, see Create and manage DNAT entries.
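To find the DNAT entries that need changing before the next 24-hour evaluation, the compliance evaluation logic above can be reproduced offline. The following is an added example, not Cloud Config's own code. It assumes that DNAT entries carry ForwardEntryId, ExternalPort and InternalPort fields, that a port value may be a single port, a range such as 8000/8100, or Any, and that a high-risk port on either side of the mapping counts.

```python
# Added example, not Cloud Config's own code. Sample entries are constructed.
# Assumption: ports are strings such as "22", "8000/8100" (range) or "Any".

def parse_ports(spec):
    """Parse the rule's comma-separated port parameter, e.g. "22,3389"."""
    ports = set()
    for item in spec.split(","):
        if item.strip():
            port = int(item)
            if not 1 <= port <= 65535:
                raise ValueError(f"port out of range: {port}")
            ports.add(port)
    return ports

def port_span(value):
    """Return (low, high) covered by one DNAT port field."""
    value = value.strip()
    if value.lower() == "any":
        return 1, 65535
    low, _, high = value.partition("/")
    return int(low), int(high or low)

def evaluate(entries, risky_spec):
    """Return (result, findings); a finding is (entry id, field, matched ports)."""
    risky = parse_ports(risky_spec)
    findings = []
    for entry in entries:
        # Assumption: a risky port on either side of the mapping counts.
        for field in ("ExternalPort", "InternalPort"):
            low, high = port_span(entry[field])
            hits = sorted(p for p in risky if low <= p <= high)
            if hits:
                findings.append((entry["ForwardEntryId"], field, hits))
    return ("Non-compliant" if findings else "Compliant"), findings

# Constructed DNAT entries; the IDs are placeholders.
SAMPLE_ENTRIES = [
    {"ForwardEntryId": "fwd-example-1", "ExternalPort": "443", "InternalPort": "8443"},
    {"ForwardEntryId": "fwd-example-2", "ExternalPort": "2222", "InternalPort": "22"},
    {"ForwardEntryId": "fwd-example-3", "ExternalPort": "3300/3400", "InternalPort": "3300/3400"},
    {"ForwardEntryId": "fwd-example-4", "ExternalPort": "Any", "InternalPort": "Any"},
]

if __name__ == "__main__":
    result, findings = evaluate(SAMPLE_ENTRIES, "22, 3389")
    print(result)
    for entry_id, field, ports in findings:
        print(f"  {entry_id}: {field} covers {ports}")
```

Range and Any entries are the cases a plain equality comparison misses: fwd-example-3 never names port 3389, yet its range covers it.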