Ensure Alibaba Cloud MongoDB is deployed inside a VPC
Error: Alibaba Cloud MongoDB is not deployed inside a VPC
Bridgecrew Policy ID: BC_ALI_NETWORKING_8
Checkov Check ID: CKV_ALI_41
Severity: LOW
Description
Deploying your MongoDB database inside a VPC helps protect your data from unauthorized access or tampering by isolating the database from the public internet. By deploying your database inside a VPC, you can help ensure that only authorized users with the correct permissions can access the data, and that the data is protected from external threats such as hackers or malware.
Fix - Runtime
Fix - Buildtime
Terraform
resource "alicloud_mongodb_instance" "pass" {
  engine_version      = "3.4"
  db_instance_class   = "dds.mongo.mid"
  db_instance_storage = 10
  # Attach the instance to a vSwitch that belongs to the VPC
  vswitch_id          = alicloud_vswitch.ditch.id
  security_ip_list    = ["0.0.0.0/0", "10.168.1.12", "100.69.7.112"]
  kms_encryption_context = {
  }
  # tde_status = "Disabled"
  ssl_action = "Close"
  # Places the instance in a VPC; this is the setting the policy is about
  network_type = "VPC"
}

resource "alicloud_vswitch" "ditch" {
  vpc_id     = "anyoldtripe"
  cidr_block = "0.0.0.0/0"
}
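The same condition can be checked against a rendered Terraform plan. The script below is an added example, not Checkov's or Bridgecrew's own code: it walks the `planned_values` section of `terraform show -json` output, including child modules, and reports every alicloud_mongodb_instance whose network_type is missing or not "VPC". The sample plan and the function names are constructed for illustration, and treating a missing network_type as a failure is an assumption of this example.

```python
# Added example: flag alicloud_mongodb_instance resources in a Terraform plan
# whose network_type is not "VPC". Not Checkov's implementation.

# Constructed sample, shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = {
    "planned_values": {"root_module": {
        "resources": [
            {"address": "alicloud_mongodb_instance.pass",
             "type": "alicloud_mongodb_instance",
             "values": {"engine_version": "3.4", "network_type": "VPC"}},
            {"address": "alicloud_mongodb_instance.classic",
             "type": "alicloud_mongodb_instance",
             "values": {"engine_version": "3.4", "network_type": "Classic"}},
            {"address": "alicloud_vswitch.ditch",
             "type": "alicloud_vswitch", "values": {}},
        ],
        "child_modules": [{"resources": [
            # network_type omitted: absent from the planned values
            {"address": "module.db.alicloud_mongodb_instance.unset",
             "type": "alicloud_mongodb_instance",
             "values": {"engine_version": "3.4"}},
        ]}],
    }}
}


def walk_resources(module):
    """Yield resources from a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk_resources(child)


def non_vpc_mongodb(plan):
    """Return (address, reason) for every MongoDB instance not set to VPC."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in walk_resources(root):
        if res.get("type") != "alicloud_mongodb_instance":
            continue
        net = (res.get("values") or {}).get("network_type")
        if net is None:
            findings.append((res["address"], "network_type not set"))
        elif net != "VPC":
            findings.append((res["address"], f"network_type is {net!r}"))
    return findings


if __name__ == "__main__":
    for address, reason in non_vpc_mongodb(SAMPLE_PLAN):
        print(f"FAIL {address}: {reason}")
```

To run it on a real plan, load the JSON file with `json.load` and pass the resulting dict to `non_vpc_mongodb`.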