All Products
Search
Document Center

Cloud Config:rds-instance-enabled-security-ip-list

Last Updated:Jun 16, 2026

Evaluates whether the whitelist of each ApsaraDB RDS instance excludes 0.0.0.0/0. If 0.0.0.0/0 is not in the whitelist, the evaluation result is Compliant.

Scenarios

Adding 0.0.0.0/0 to the whitelist of an ApsaraDB RDS instance allows access from all CIDR blocks over the Internet, which poses high security risks. Proceed with caution.

Risk level

Default risk level: high.

You can change the risk level based on your business requirements when you apply this rule.

Compliance evaluation logic

  • If 0.0.0.0/0 is not in the whitelist of each ApsaraDB RDS instance, the evaluation result is Compliant.
  • If 0.0.0.0/0 is in the whitelist of an ApsaraDB RDS instance, the evaluation result is Incompliant. For more information about how to remediate an incompliant configuration, see Incompliance remediation.
Note If 127.0.0.1 is added to the whitelist of an ApsaraDB RDS instance, the instance denies access from all IP addresses. Proceed with caution.

Rule details

Item Description
Rule name rds-instance-enabled-security-ip-list
Rule identifier rds-instance-enabled-security-ip-list
Tag RDS
Automatic remediation Supported
Trigger type Configuration change
Supported resource type ApsaraDB RDS instance
Input parameter None.

Incompliance remediation

Remove 0.0.0.0/0 from the whitelist of the ApsaraDB RDS instance. For more information, see Configure an IP address whitelist.