Updated on 2025-08-25 GMT+08:00

GaussDB Instance EIP Check

Rule Details

Table 1 Rule details

| Parameter | Description |
| --- | --- |
| Rule Name | gaussdb-instance-no-public-ip-check |
| Identifier | GaussDB Instance EIP Check |
| Description | If a GaussDB instance is bound to any EIPs, this instance is non-compliant. |
| Tag | gaussdb |
| Trigger Type | Configuration change |
| Filter Type | gaussdb.instance |
| Rule Parameters | None |

Application Scenarios

Generally, databases should be accessed only on the intranet or in a VPC, and servers should connect to them over the intranet to improve security. A database with an EIP can be reached from the public network, which may increase the risk of attacks such as malicious scanning or attacks through exposed ports. Connecting to a database over the public network may also increase latency, whereas the intranet usually has higher bandwidth and lower latency.

GaussDB supports gsql, DBeaver, Navicat, and Data Admin Service (DAS) for instance connection. For details, see Connecting to a GaussDB Instance.

Solution

Unbind EIPs from GaussDB instances. For details, see Binding and Unbinding an EIP for a GaussDB Instance.

Rule Logic

  • If a GaussDB instance has an EIP bound, this instance is non-compliant.
  • If a GaussDB instance does not have an EIP bound, this instance is compliant.