Ensure Alibaba Cloud MongoDB is deployed inside a VPC
Error: Alibaba Cloud MongoDB is not deployed inside a VPC
Bridgecrew Policy ID: BC_ALI_NETWORKING_8
Checkov Check ID: CKV_ALI_41
Severity: LOW
Alibaba Cloud MongoDB is not deployed inside a VPC
Description
Deploying your MongoDB database inside a VPC helps protect your data from unauthorized access or tampering by isolating the database from the public internet. By deploying your database inside a VPC, you can help ensure that only authorized users with the correct permissions can access the data, and that the data is protected from external threats such as hackers or malware.
Fix - Runtime
Fix - Buildtime
Terraform
resource "alicloud_mongodb_instance" "pass" {
engine_version = "3.4"
db_instance_class = "dds.mongo.mid"
db_instance_storage = 10
vswitch_id = alicloud_vswitch.ditch.id
security_ip_list = ["0.0.0.0/0","10.168.1.12", "100.69.7.112"]
kms_encryption_context= {
}
# tde_status = "Disabled"
ssl_action = "Close"
# not set
network_type = "VPC"
}
resource "alicloud_vswitch" "ditch" {
vpc_id = "anyoldtripe"
cidr_block = "0.0.0.0/0"
}
Updated 3 months ago