If the VPC of a private NAT gateway is one of the specified VPCs, the private NAT gateway is compliant. Parent topic: NAT Gateway
If a private NAT gateway is not in a specified VPC, this gateway is noncompliant. vpc-sg-restricted-common-ports vpc If a security group allows all IPv4 and IPv6 traffic (with the source address set to 0.0.0.0/0 or ::/0) to the specified ports, this security group is noncompliant
If a private NAT gateway is not in a specified VPC, this gateway is noncompliant. rds-instance-enable-backup rds If backup is not enabled for an RDS instance, this instance is noncompliant. rds-instance-multi-az-support rds If an RDS instance does not support multi-AZ deployment,
this cluster is noncompliant. mrs-cluster-kerberos-enabled mrs If Kerberos is not enabled for an MRS cluster, this cluster is noncompliant. mrs-cluster-no-public-ip mrs If an MRS cluster has an EIP attached, this cluster is noncompliant. private-nat-gateway-authorized-vpc-only nat
NAT Gateway Private NAT Gateways Are in Specified VPCs Parent topic: Built-In Policies
that they are in. 1.2 vpc-sg-restricted-ssh Configure security groups to only allow traffic from some IP addresses to access the SSH port 22 of ECSs to ensure secure remote access. 1.2 smn-lts-enable Enable LTS for SMN topics. 1.4 private-nat-gateway-authorized-vpc-only Use private NAT
If the function needs to access the public network, you can configure a public NAT gateway in the VPC and bind an EIP to the NAT gateway. For details, see Configuring the Network.
If you need public network access, use alternatives such as load balancers, NAT gateways, and VPNs. They can meet your network requirements while reducing costs and risks. Rule Logic If a BMS has an EIP attached, this instance is non-compliant.
An EIP can be bound to or unbound from resources such as ECSs, BMSs, virtual IP addresses, ELBs, and NAT gateways. Idle EIPs may cause the following problems: Unnecessary expenses: Idle EIPs are still billed, causing increased expenses.
This includes ensuring that any third parties working on behalf of the SME have appropriate security measures in place. private-nat-gateway-authorized-vpc-only Use private NAT gateways to control VPC connections. 1_DEVELOP GOOD CYBERSECURITY CULTURE: REMEMBER DATA PROTECTION Under
Gateway Public NAT Gateways (nat.natGateways) Private NAT Gateways (nat.privateNatGateways) Cloud Backup and Recovery (CBR) Vaults (cbr.vault) Data Encryption Workshop (DEW) keys (kms.keys) Cloud Container Engine (CCE) Clusters (cce.clusters) GaussDB Instances (gaussdb.instances)
If your services require public network access, use other solutions, such as load balancers, NAT gateways, and VPNs, to meet service requirements while reducing costs and risks. Rule Logic If an ECS has an EIP attached, this ECS is non-compliant.
Gateway Public NAT gateway EVS Volume Contains Cloud Backup and Recovery Vaults isAttachedTo ECS Cloud server BMS Cloud server Cloud Backup and Recovery Vaults HECS HECS IMS Image isAssociatedWith ECS Cloud server BMS Cloud server HECS HECS NAT Gateway Public NAT gateway isAttachedTo
this IAM user is noncompliant. mrs-cluster-kerberos-enabled mrs If Kerberos is not enabled for an MRS cluster, this cluster is noncompliant. mrs-cluster-no-public-ip mrs If an MRS cluster has an EIP attached, this cluster is noncompliant. private-nat-gateway-authorized-vpc-only nat
Built-In Policies Predefined Policy List General Policies API Gateway CodeArts Deploy MapReduce Service NAT Gateway VPC Endpoint Web Application Firewall Elastic Load Balance Elastic IP Auto Scaling Scalable File Service Turbo (SFS Turbo) Elastic Cloud Server Distributed Cache Service
change mrs.mrs MRS Clusters Have Kerberos Enabled Configuration change mrs.mrs MRS Clusters Are Deployed Across AZs Configuration change mrs.mrs MRS Clusters Should Not Use EIPs Configuration change mrs.mrs KMS Encryption Is Enabled for MRS Clusters Configuration change mrs.mrs NAT
An EIP can be bound to or unbound from resources such as ECSs, BMSs, virtual IP addresses, ELBs, and NAT gateways. If the bandwidth of an EIP is too small, services may be interrupted. Solution Modify an EIP bandwidth.
The default public NAT access bandwidth is shared between tenants in testing scenarios that involve a small number of requests.