Public Exposure

The tag "public-exposure" is attached to any discovered compute instances, objects, or data stores that are exposed to access by any internet user.

Some examples:

  • Compute instances whose inbound rule allows all traffic from the 0.0.0.0/0 address
  • Storage such as S3 buckets, Blob containers, or GCP storage with the "Block Public Access" option disabled
  • RDS instances that have security groups with public access attached

These types of entities need to be identified to ensure that they are audited by their account owners. In some cases, the entities may be intentionally configured to be publicly accessible for business and functional reasons. For entities that should not be available to the public, remedial action should be taken to avoid harm.
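The three example conditions above can be reproduced against your own inventory for an independent audit. The following is an added example, not the product's tagging logic: it assumes input shaped like AWS API responses (security groups, EC2 instances, S3 Block Public Access settings, RDS instances), all resource names are constructed, and treating ::/0 like 0.0.0.0/0 is an assumption beyond what the page states.

```python
# Added example: inputs are constructed and shaped like AWS API responses.
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}  # ::/0 is an assumption beyond the page
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")

def open_security_groups(groups):
    """Return IDs of security groups with an all-traffic inbound rule from anywhere."""
    exposed = set()
    for sg in groups:
        for rule in sg.get("IpPermissions", []):
            cidrs = {r["CidrIp"] for r in rule.get("IpRanges", [])}
            cidrs |= {r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])}
            # IpProtocol "-1" means every protocol and port
            if rule.get("IpProtocol") == "-1" and cidrs & OPEN_CIDRS:
                exposed.add(sg["GroupId"])
    return exposed

def bucket_block_disabled(pab):
    """True when any Block Public Access setting is off or the config is absent."""
    return pab is None or not all(pab.get(k, False) for k in PAB_KEYS)

def tag_public_exposure(groups, instances, buckets, databases):
    """Return sorted resource IDs that meet the page's three example conditions."""
    open_sgs = open_security_groups(groups)
    tagged = [i["InstanceId"] for i in instances
              if {g["GroupId"] for g in i["SecurityGroups"]} & open_sgs]
    tagged += [name for name, pab in buckets.items() if bucket_block_disabled(pab)]
    tagged += [d["DBInstanceIdentifier"] for d in databases
               if {g["VpcSecurityGroupId"] for g in d["VpcSecurityGroups"]} & open_sgs]
    return sorted(tagged)

# Constructed sample inventory
GROUPS = [
    {"GroupId": "sg-open", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-office", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
]
INSTANCES = [
    {"InstanceId": "i-web", "SecurityGroups": [{"GroupId": "sg-open"}]},
    {"InstanceId": "i-batch", "SecurityGroups": [{"GroupId": "sg-office"}]},
]
BUCKETS = {"logs": dict.fromkeys(PAB_KEYS, True),
           "assets": dict.fromkeys(PAB_KEYS, False)}
DATABASES = [{"DBInstanceIdentifier": "db-orders",
              "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-open"}]}]

if __name__ == "__main__":
    print(tag_public_exposure(GROUPS, INSTANCES, BUCKETS, DATABASES))
```

Resources flagged this way still need the owner review described above, since some may be public by design.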

From the Public Exposure tab, select View all to display the entire list of entities that are determined to be publicly accessible.

You will be redirected to the All Open Risks section with the preset filter tags: public-exposure.

Additional information can be found in the Risks section.