Best Practices for Network and Content Delivery Service Operations
The following table describes the compliance rules and solutions in the sample template.
Rule | Cloud Service | Description |
---|---|---|
apig-instances-execution-logging-enabled | apig | If logging is not enabled for a dedicated APIG gateway, this gateway is considered non-compliant. |
apig-instances-ssl-enabled | apig | If no SSL certificates are attached to a dedicated APIG gateway, this gateway is considered noncompliant. |
as-group-elb-healthcheck-required | as | If an AS group does not have health check enabled, this AS group is noncompliant. |
elb-tls-https-listeners-only | elb | If any listener of a load balancer does not have the frontend protocol set to HTTPS, this load balancer is noncompliant. |
vpc-sg-restricted-ssh | vpc | If a security group allows all inbound traffic (with the source address set to 0.0.0.0/0 or ::/0) and opens the TCP 22 port, this security group is noncompliant. |
ecs-instance-in-vpc | ecs, vpc | If an ECS is not within the specified VPC, this ECS is noncompliant. |
private-nat-gateway-authorized-vpc-only | nat | If a private NAT gateway is not in a specified VPC, this gateway is noncompliant. |
vpc-sg-restricted-common-ports | vpc | If a security group allows all IPv4 and IPv6 traffic (with the source address set to 0.0.0.0/0 or ::/0) to the specified ports, this security group is noncompliant. |
vpc-default-sg-closed | vpc | If a default security group allows all inbound or outbound traffic, this security group is noncompliant. |
vpc-flow-logs-enabled | vpc | If a VPC does not have the flow log enabled, this VPC is noncompliant. |
vpc-acl-unused-check | vpc | If a network ACL is not attached to any subnets, this ACL is noncompliant. |
vpc-sg-ports-check | vpc | If a security group has the source address set to 0.0.0.0/0 or ::/0 and opens all TCP/UDP ports, this security group is noncompliant. |
vpn-connections-active | vpnaas | If a VPN is not normally connected, this rule is noncompliant. |
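
The vpc-sg-restricted-ssh rule from the table, sketched as a local check over exported security group rules. This is an added example, not the cloud provider's rule implementation; the record fields (`direction`, `protocol`, `ports`, `remote_ip_prefix`), the sample groups, and the choice to count a port range or all-ports rule that covers 22 as opening TCP 22 are assumptions.

```python
import ipaddress

SSH_PORT = 22

def _is_any_source(prefix):
    """True for 0.0.0.0/0 or ::/0. A rule with no prefix (for example a
    remote-group rule) is not counted here; that is an assumption."""
    if not prefix:
        return False
    try:
        return ipaddress.ip_network(prefix, strict=False).prefixlen == 0
    except ValueError:
        return False

def _covers_port(ports, port):
    """ports is None (all ports), "22", "20-25" or "80,22,443" (assumed format)."""
    if ports is None:
        return True
    for part in str(ports).split(","):
        low, _, high = part.strip().partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False

def offending_rules(rules):
    """Inbound rules that expose TCP 22 to 0.0.0.0/0 or ::/0."""
    return [
        r for r in rules
        if r["direction"] == "ingress"
        and r.get("protocol") in ("tcp", None)  # None = all protocols (assumed)
        and _is_any_source(r.get("remote_ip_prefix"))
        and _covers_port(r.get("ports"), SSH_PORT)
    ]

def evaluate(groups):
    """Map each security group name to Compliant / NonCompliant."""
    return {name: "NonCompliant" if offending_rules(rules) else "Compliant"
            for name, rules in groups.items()}

def _rule(direction, protocol, ports, prefix):
    return {"direction": direction, "protocol": protocol,
            "ports": ports, "remote_ip_prefix": prefix}

# Constructed sample data, not taken from a real account.
SAMPLE = {
    "sg-web": [_rule("ingress", "tcp", "443", "0.0.0.0/0")],
    "sg-bastion": [_rule("ingress", "tcp", "22", "203.0.113.0/24")],
    "sg-range": [_rule("ingress", "tcp", "20-25", "::/0")],
    "sg-all": [_rule("ingress", None, None, "0.0.0.0/0")],
    "sg-egress": [_rule("egress", "tcp", "22", "0.0.0.0/0")],
}
```

The `sg-range` and `sg-all` groups show why an exact match on the string "22" is not enough: both expose SSH without naming the port on its own.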