Checks whether a PolarDB cluster IP whitelist contains 0.0.0.0/0, which allows access from all CIDR blocks.
Scenario
Adding 0.0.0.0/0 to a PolarDB cluster IP whitelist allows access from all CIDR blocks, posing significant security risks. Add this entry with caution.
Risk level
Default risk level: high.
You can change the risk level when you apply this rule.
Compliance evaluation logic
- If 0.0.0.0/0 is not in the IP whitelist of the PolarDB cluster, the configuration is compliant.
- If 0.0.0.0/0 is in the IP whitelist of the PolarDB cluster, the configuration is non-compliant. Correct this by following the Non-compliance remediation steps.
Rule details
| Item | Description |
| Rule name | polardb-public-access-check |
| Rule ID | polardb-public-access-check |
| Tag | PolarDB and VPC |
| Automatic remediation | Not supported |
| Trigger type | Configuration change |
| Supported resource type | PolarDB cluster |
| Input parameter | None |
Non-compliance remediation
Delete 0.0.0.0/0 from the IP whitelist of the PolarDB cluster. For more information, see Configure an IP whitelist.