Ensure AWS Security Group does not allow all traffic on all ports
Error: AWS NACL allows ingress from 0.0.0.0/0 to port 20
Bridgecrew Policy ID: BC_AWS_NETWORKING_78
Checkov Check ID: CKV_AWS_277
Severity: MEDIUM
AWS Security Group allows all traffic on all ports
Description
By allowing all ingress traffic on all ports, an AWS security group permits unrestricted internet access to the instances behind it. Make sure that each ingress rule is restricted to the specific port(s) the workload needs.
Fix - Buildtime
Terraform
resource "aws_security_group" "example" {
  name = "allow-all-ingress"
  ingress {
    cidr_blocks = ["0.0.0.0/0"]
-   from_port   = -1
-   to_port     = -1
+   from_port   = 443
+   to_port     = 443
    protocol    = "tcp"
  }
}
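The condition this policy flags, as a small standalone check: an added example, not Checkov's own implementation, that evaluates the security group above before and after the fix. The resources are plain dicts mirroring the HCL blocks on this page rather than output from a real Terraform parser, and the check also treats protocol "-1" and the 0..65535 range as "all ports", and "::/0" as "anywhere", which goes beyond the single case shown.

```python
"""Flag AWS security group ingress rules that open every port to the world."""

ANY_IPV4 = "0.0.0.0/0"
ANY_IPV6 = "::/0"


def rule_is_open_to_world(rule):
    """True if the rule's source covers the whole internet (IPv4 or IPv6)."""
    sources = rule.get("cidr_blocks", []) + rule.get("ipv6_cidr_blocks", [])
    return ANY_IPV4 in sources or ANY_IPV6 in sources


def rule_covers_all_ports(rule):
    """True if the rule matches every port: protocol "-1"/"all" (all traffic),
    or a from/to range of -1..-1 or 0..65535."""
    protocol = str(rule.get("protocol", "")).lower()
    if protocol in ("-1", "all"):
        return True
    ports = (int(rule.get("from_port", 0)), int(rule.get("to_port", 0)))
    return ports in ((-1, -1), (0, 65535))


def find_violations(security_group):
    """Return the ingress rules of one aws_security_group (as a dict) that
    allow all traffic on all ports from anywhere."""
    return [r for r in security_group.get("ingress", [])
            if rule_is_open_to_world(r) and rule_covers_all_ports(r)]


# Constructed samples: the 'before' and 'after' of the Terraform fix above.
BEFORE = {"name": "allow-all-ingress",
          "ingress": [{"cidr_blocks": [ANY_IPV4], "from_port": -1,
                       "to_port": -1, "protocol": "tcp"}]}
AFTER = {"name": "allow-all-ingress",
         "ingress": [{"cidr_blocks": [ANY_IPV4], "from_port": 443,
                      "to_port": 443, "protocol": "tcp"}]}

if __name__ == "__main__":
    for label, sg in (("before", BEFORE), ("after", AFTER)):
        status = "FAILED" if find_violations(sg) else "PASSED"
        print(f"{label}: {status}")
```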