Updated on 2025-08-25 GMT+08:00

DWS Clusters Should Not Use EIPs

Rule Details

Table 1 Rule details

| Parameter | Description |
|---|---|
| Rule Name | dws-clusters-no-public-ip |
| Identifier | DWS Clusters Should Not Use EIPs |
| Description | If a GaussDB(DWS) cluster has an EIP bound, this cluster is non-compliant. |
| Tag | dws |
| Trigger Type | Configuration change |
| Filter Type | dws.clusters |
| Rule Parameters | None |

Application Scenarios

Do not expose GaussDB(DWS) clusters to the public network. Exposing a cluster may cause the following problems:

  • Unauthorized access: Public network access increases the risk of database exposure, which may be exploited by malicious users.
  • Data leakage: Attackers may steal sensitive data, such as user information or financial data.
  • Data tampering: Attackers may tamper with data through public network access, affecting data integrity.
  • Network latency: Public network access is usually slower than intranet access, affecting the database response speed.
  • Attack target: Public network access makes databases more vulnerable to DDoS attacks, which may interrupt services.

Solution

Do not bind an EIP to your GaussDB(DWS) cluster when creating it. If an EIP has been bound, unbind it.

Rule Logic

  • If no EIP is bound to your GaussDB(DWS) cluster, this cluster is compliant.
  • If an EIP is bound to your GaussDB(DWS) cluster, this cluster is non-compliant.
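
The rule logic above can be reproduced offline against exported cluster records. The following is an added example, not the service's own rule code. The field names `public_ip`, `public_bind_type`, `eip_id`, `public_endpoints` and `public_connect_info` are assumptions about the cluster record layout, and all sample records are constructed.

```python
# Added example: offline evaluation of the "no EIP bound" rule logic.
# Field names (public_ip, public_bind_type, eip_id, public_endpoints) are
# assumptions about the cluster record layout, not taken from this page.
COMPLIANT = "Compliant"
NON_COMPLIANT = "NonCompliant"

def eip_evidence(cluster):
    """Return the reasons a cluster counts as having an EIP bound (empty if none)."""
    reasons = []
    public_ip = cluster.get("public_ip") or {}
    eip_id = (public_ip.get("eip_id") or "").strip()
    bind_type = (public_ip.get("public_bind_type") or "not_use").strip().lower()
    if eip_id:
        reasons.append(f"eip_id={eip_id}")
    # Assumption: any bind type other than "not_use" means an EIP is attached.
    if bind_type != "not_use":
        reasons.append(f"public_bind_type={bind_type}")
    # A published public endpoint is treated as further evidence of a bound EIP.
    for endpoint in cluster.get("public_endpoints") or []:
        info = (endpoint.get("public_connect_info") or "").strip()
        if info:
            reasons.append(f"public_endpoint={info}")
    return reasons

def evaluate(cluster):
    """Apply the rule: no evidence of an EIP is compliant, any evidence is not."""
    reasons = eip_evidence(cluster)
    return {
        "cluster": cluster.get("name", "<unnamed>"),
        "status": NON_COMPLIANT if reasons else COMPLIANT,
        "reasons": reasons,
    }

def audit(clusters):
    return [evaluate(c) for c in clusters]

# Constructed sample records (names, IDs and addresses are placeholders).
SAMPLE_CLUSTERS = [
    {"name": "dws-internal", "public_ip": {"public_bind_type": "not_use", "eip_id": ""}, "public_endpoints": []},
    {"name": "dws-no-field"},  # record without any public_ip block
    {"name": "dws-exposed", "public_ip": {"public_bind_type": "auto_assign", "eip_id": "eip-placeholder-0001"},
     "public_endpoints": [{"public_connect_info": "203.0.113.10:8000"}]},
    {"name": "dws-stale-flag", "public_ip": {"public_bind_type": "not_use", "eip_id": "eip-placeholder-0002"}},
]

if __name__ == "__main__":
    for result in audit(SAMPLE_CLUSTERS):
        print(result["cluster"], result["status"], ", ".join(result["reasons"]))
```

The `dws-stale-flag` record shows why the check looks at more than one field: a bind type of `not_use` alongside a populated `eip_id` is still reported as non-compliant.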