
## Review

A dedicated reviewer checked the rule description successfully for:

- [x] logical errors and incorrect information
- [x] information gaps and missing content
- [x] text style and tone
- [x] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)

include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

DMS and EC2 instances have a public IP address assigned to them:

[source,yaml]
----
AWSTemplateFormatVersion: 2010-09-09
Resources:
  DMSInstance:
    Type: AWS::DMS::ReplicationInstance
    Properties:
      PubliclyAccessible: true # sensitive, by default it's also set to true

  EC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      NetworkInterfaces:
        - AssociatePublicIpAddress: true # sensitive, by default it's also set to true
          DeviceIndex: "0"
----

== Compliant Solution

DMS and EC2 instances don't have a public IP address:

[source,yaml]
----
AWSTemplateFormatVersion: 2010-09-09
Resources:
  DMSInstance:
    Type: AWS::DMS::ReplicationInstance
    Properties:
      PubliclyAccessible: false

  EC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      NetworkInterfaces:
        - AssociatePublicIpAddress: false
          DeviceIndex: "0"
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message

* Omitting "{parameter}" allows network access from the Internet. Make sure it is safe here.
* Make sure allowing public network access is safe here.


endif::env-github,rspecator-view[]
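
The check described by the two messages above, as an added example (not part of the rule specification and not SonarSource's analyzer code): it walks a CloudFormation template and reports both the explicit `true` case and the omitted-property case. The template is constructed and given in JSON form so the script needs only the standard library; the function names are hypothetical, and treating an omitted property as public follows the comments in the sensitive example.

```python
import json

# Constructed CloudFormation template (JSON form), for illustration only.
TEMPLATE = json.loads("""
{"Resources": {
  "DmsExplicit": {"Type": "AWS::DMS::ReplicationInstance",
                  "Properties": {"PubliclyAccessible": true}},
  "DmsOmitted":  {"Type": "AWS::DMS::ReplicationInstance", "Properties": {}},
  "DmsPrivate":  {"Type": "AWS::DMS::ReplicationInstance",
                  "Properties": {"PubliclyAccessible": false}},
  "Ec2Mixed":    {"Type": "AWS::EC2::Instance", "Properties": {"NetworkInterfaces": [
                    {"DeviceIndex": "0", "AssociatePublicIpAddress": false},
                    {"DeviceIndex": "1"}]}}
}}
""")

# Message texts taken from the rule's Implementation Specification.
EXPLICIT = "Make sure allowing public network access is safe here."
OMITTED = 'Omitting "{parameter}" allows network access from the Internet. Make sure it is safe here.'

def is_true(value):
    # CloudFormation accepts booleans and the strings "true"/"false".
    # Intrinsic functions (e.g. {"Ref": ...}) are unresolved here and not flagged.
    return value is True or (isinstance(value, str) and value.lower() == "true")

def check(props, parameter, where):
    """Return one finding if `parameter` is absent or true, otherwise none."""
    if parameter not in props:
        return [(where, OMITTED.format(parameter=parameter))]
    if is_true(props[parameter]):
        return [(where, EXPLICIT)]
    return []

def find_public_access(template):
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties") or {}
        if res.get("Type") == "AWS::DMS::ReplicationInstance":
            findings += check(props, "PubliclyAccessible", name)
        elif res.get("Type") == "AWS::EC2::Instance":
            # Only declared interfaces are inspected; an instance with no
            # NetworkInterfaces list is outside what this page covers.
            for i, nic in enumerate(props.get("NetworkInterfaces") or []):
                where = f"{name}.NetworkInterfaces[{i}]"
                findings += check(nic, "AssociatePublicIpAddress", where)
    return findings

if __name__ == "__main__":
    for where, message in find_public_access(TEMPLATE):
        print(f"{where}: {message}")
```
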