DCS for Redis Instances Should Not Use EIPs
Rule Details
|
Parameter |
Description |
|---|---|
|
Rule Name |
dcs-redis-no-public-ip |
|
Identifier |
DCS for Redis Instances Should Not Use EIPs |
|
Description |
If a DCS for Redis instance has an EIP bound, this instance is non-compliant. |
|
Tag |
dcs |
|
Trigger Type |
Configuration change |
|
Filter Type |
dcs.redis |
|
Rule Parameters |
None |
Application Scenarios
You need to ensure that your DCS for Redis resources are not accessible over the public network. This reduces the attack surface.
DCS for Redis 4.0 and later versions support ELB for public network access. For details, see Enabling Public Access to Redis and Obtaining the Access Addresses.
DCS for Redis 3.0 instances support EIP for public network access. For details, see Enabling Public Access of a DCS Redis 3.0 Instance.
Solution
Currently, only DCS for Redis 3.0 instances using password authentication support public network access. Disable public network access for such instances. Currently, DCS for Redis 4.0 and later instances do not support public network access. No action is required for such instances. For details, see Does DCS Support Public Access?
Rule Logic
- If a DCS for Redis instance has an EIP bound, this instance is non-compliant.
- If a DCS for Redis instance does not have an EIP bound, this instance is compliant.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
