Updated on 2025-05-22 GMT+08:00

SEC02-03 Minimizing Network Access Permissions

Ensure that only necessary personnel or components can access specific network resources.

- Risk level: High
- Key strategies
  - Configure security groups and network ACLs to control incoming and outgoing traffic for cloud resources. Make sure only authorized traffic can access specific services and ports. Optimize the ACL of each network area based on service requirements and reduce the number of access control rules as much as possible.
  - Restrict public IP address exposure to the minimum required scope and block external access to high-risk ports and remote management ports. If it is not possible to close all high-risk ports or remote management ports, open as few of them as possible.
  - Only open the network segments and ports required by services in the security group. Do not allow all IP addresses (0.0.0.0/0) to access the security group.
 
- Related cloud services and tools
  - Virtual Private Cloud (VPC)
  - NAT Gateway
  - SecMaster: Cloud service baseline inspection
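As an added example (not part of this page or of the SecMaster baseline inspection), the following Python audit applies the key strategies above to a constructed set of security group rules: it flags any-source rules (0.0.0.0/0 or ::/0), remote management ports reachable from outside trusted ranges, and rules that open every port. The trusted ranges, the remote management port list and the rule format are assumptions for the example.

```python
import ipaddress

# Assumptions for this example (not values from the page): the ranges an
# operator has approved as internal, and the ports treated as remote management.
TRUSTED_SOURCES = [ipaddress.ip_network("10.0.0.0/8")]
REMOTE_MGMT_PORTS = {22, 3389}


def source_is_trusted(cidr: str) -> bool:
    """True when the whole source range lies inside an approved internal range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == t.version and net.subnet_of(t) for t in TRUSTED_SOURCES)


def audit_rules(rules):
    """Return (rule_index, finding) pairs for inbound rules that break SEC02-03."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.get("direction", "inbound") != "inbound":
            continue
        low, high = rule["port_range"]
        net = ipaddress.ip_network(rule["source"], strict=False)
        if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0: every address on the Internet
            findings.append((i, "allows any source IP; restrict to the ranges the service needs"))
        if not source_is_trusted(rule["source"]) and any(low <= p <= high for p in REMOTE_MGMT_PORTS):
            findings.append((i, "remote management port reachable from outside trusted ranges"))
        if (low, high) == (1, 65535):
            findings.append((i, "opens every port; open only the ports the service requires"))
    return findings


# Constructed sample: a permissive security group next to its tightened version.
WEAK_RULES = [
    {"direction": "inbound", "protocol": "tcp", "port_range": (22, 22), "source": "0.0.0.0/0"},
    {"direction": "inbound", "protocol": "tcp", "port_range": (1, 65535), "source": "203.0.113.0/24"},
    {"direction": "inbound", "protocol": "tcp", "port_range": (443, 443), "source": "0.0.0.0/0"},
]
HARDENED_RULES = [
    # SSH only from the bastion subnet; HTTPS only from the load balancer subnet.
    {"direction": "inbound", "protocol": "tcp", "port_range": (22, 22), "source": "10.0.1.0/24"},
    {"direction": "inbound", "protocol": "tcp", "port_range": (443, 443), "source": "10.0.0.0/24"},
]

if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(f"{name}: {len(rules)} rules")
        for idx, text in audit_rules(rules):
            print(f"  rule {idx}: {text}")
```

The weak set yields five findings and the hardened set none, while also carrying fewer rules, which is the rule-count reduction the first strategy asks for.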
 
 
Parent topic: SEC04 Network Security