GaussDB Instance EIP Check
Rule Details
|
Parameter |
Description |
|---|---|
|
Rule Name |
gaussdb-instance-no-public-ip-check |
|
Identifier |
GaussDB Instance EIP Check |
|
Description |
If a GaussDB instance is bound to any EIPs, this instance is non-compliant. |
|
Tag |
gaussdb |
|
Trigger Type |
Configuration change |
|
Filter Type |
gaussdb.instance |
|
Rule Parameters |
None |
Application Scenarios
Generally, databases should be accessed only on the intranet or in a VPC. Servers should connect to databases over the intranet to improve security. Databases with EIPs can be accessed via the public network, which may increase the risk of attacks such as malicious scanning or attacks through exposed ports. In terms of performance, connecting to a database over the public network may increase the latency. The intranet usually has higher bandwidth and lower latency.
GaussDB supports gsql, DBeaver, Navicat, and Data Admin Service (DAS) for instance connection. For details, see Connecting to a GaussDB Instance.
Solution
Unbind EIPs from GaussDB instances. For details, see Binding and Unbinding an EIP for a GaussDB Instance.
Rule Logic
- If a GaussDB instance has an EIP bound, this instance is non-compliant.
- If a GaussDB instance does not have an EIP bound, this instance is compliant.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
