Restrict public access on DMS replication instance High

A DMS replication instance with public accessibility is detected. Make sure that the DMS replication instance does not allow public accessibility.

Detector ID
terraform/restrict-public-access-dms-terraform@v1.0
Category
Common Weakness Enumeration (CWE)

Noncompliant example

resource "aws_dms_replication_instance" "test" {
  allocated_storage            = 20
  apply_immediately            = true
  auto_minor_version_upgrade   = true
  multi_az                     = false
  preferred_maintenance_window = "sun:10:30-sun:14:30"
  # Noncompliant: DMS replication instance is publicly accessible.
  publicly_accessible          = true
  replication_instance_class   = "dms.t2.micro"
  replication_instance_id      = "test-dms-replication-instance-tf"
  replication_subnet_group_id  = aws_dms_replication_subnet_group.test.id
  # Assumes an aws_kms_key resource named "test" is defined elsewhere.
  kms_key_arn                  = aws_kms_key.test.arn

  tags = {
    Name = "test"
  }
}

Compliant example

resource "aws_dms_replication_instance" "test" {
  allocated_storage            = 20
  apply_immediately            = true
  auto_minor_version_upgrade   = true
  multi_az                     = false
  preferred_maintenance_window = "sun:10:30-sun:14:30"
  # Compliant: DMS replication instance is not publicly accessible.
  publicly_accessible          = false
  replication_instance_class   = "dms.t2.micro"
  replication_instance_id      = "test-dms-replication-instance-tf"
  replication_subnet_group_id  = aws_dms_replication_subnet_group.test.id
  # Assumes an aws_kms_key resource named "test" is defined elsewhere.
  kms_key_arn                  = aws_kms_key.test.arn

  tags = {
    Name = "test"
  }
}
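
The same rule can be enforced as a pipeline gate over the JSON form of a Terraform plan (`terraform show -json <planfile>`). This is an added example, not the detector's own implementation: the function names are hypothetical, the sample plan is constructed, and reporting an unset `publicly_accessible` as a finding is a stricter choice made here rather than something the rule above states.

```python
import json

# Constructed sample, shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "aws_dms_replication_instance.test",
     "type": "aws_dms_replication_instance",
     "values": {"publicly_accessible": true}},
    {"address": "aws_dms_replication_instance.private",
     "type": "aws_dms_replication_instance",
     "values": {"publicly_accessible": false}},
    {"address": "aws_db_instance.other",
     "type": "aws_db_instance",
     "values": {"publicly_accessible": true}}],
  "child_modules": [{"address": "module.migration", "resources": [
    {"address": "module.migration.aws_dms_replication_instance.unset",
     "type": "aws_dms_replication_instance",
     "values": {"allocated_storage": 20}}]}]}}}
""")


def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_public_dms(plan):
    """Return (address, reason) for each DMS replication instance that is
    public or that does not set publicly_accessible to false explicitly."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "aws_dms_replication_instance":
            continue  # other resource types are out of scope for this rule
        value = res.get("values", {}).get("publicly_accessible")
        if value is True:
            findings.append((res["address"], "publicly_accessible = true"))
        elif value is not False:
            # Missing or unknown at plan time: require an explicit false.
            findings.append((res["address"], "publicly_accessible not set explicitly"))
    return findings


if __name__ == "__main__":
    for address, reason in find_public_dms(SAMPLE_PLAN):
        print(f"{address}: {reason}")
```

Scanning the plan rather than the `.tf` source also covers instances declared inside modules and values supplied through variables.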