Ensure AWS Security Group does not allow all traffic on all ports

Error: AWS NACL allows ingress from 0.0.0.0/0 to port 20

Bridgecrew Policy ID: BC_AWS_NETWORKING_78
Checkov Check ID: CKV_AWS_277
Severity: MEDIUM

AWS Security Group allows all traffic on all ports

Description

By allowing all ingress traffic on all ports, an AWS security group permits unrestricted access from the internet. Make sure that ingress rules are restricted to the specific ports and protocols the workload needs.

Fix - Buildtime

Terraform

resource "aws_security_group" "pass" {
  name   = "example"
  # Reference the VPC attribute directly; quoting it would pass the literal string.
  vpc_id = aws_vpc.example.id

  # Ingress is limited to the two ports the service actually exposes (HTTP and HTTPS).
  ingress {
    cidr_blocks = ["0.0.0.0/0"]
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
  }
  ingress {
    cidr_blocks = ["0.0.0.0/0"]
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
  }
  # Egress on all protocols and ports is not what this check flags; it covers ingress only.
  egress {
    cidr_blocks = ["0.0.0.0/0"]
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
  }
}
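To make the failing condition concrete, the following is an added example (not Checkov's own implementation) of the check logic applied at buildtime: a security group fails when any ingress rule admits all protocols on all ports (protocol "-1", from_port 0, to_port 0) from any source (0.0.0.0/0 or ::/0). It assumes the Terraform has already been parsed from HCL into Python dicts; the two sample resources are constructed for the example, the compliant one mirroring the fix above and the other a deliberately wide-open group.

```python
"""Buildtime check for an aws_security_group that allows all traffic on all ports.

Added example, not Checkov's implementation. It evaluates ingress rules that
have already been parsed from HCL into Python dicts. The sample resources at
the bottom are constructed for this example.
"""

ANY_IPV4 = "0.0.0.0/0"
ANY_IPV6 = "::/0"
ALL_PROTOCOLS = {"-1", "all"}  # Terraform accepts either spelling for "all protocols"


def rule_is_open_to_world(rule: dict) -> bool:
    """True if the rule admits any source address, IPv4 or IPv6."""
    cidrs = set(rule.get("cidr_blocks", [])) | set(rule.get("ipv6_cidr_blocks", []))
    return ANY_IPV4 in cidrs or ANY_IPV6 in cidrs


def rule_covers_all_ports(rule: dict) -> bool:
    """True if the rule matches every protocol and every port.

    In Terraform, protocol "-1" with from_port = 0 and to_port = 0 means
    'all traffic'. A TCP rule spanning 0-65535 covers every TCP port but
    is not 'all protocols', so this check does not flag it.
    """
    protocol = str(rule.get("protocol", "")).lower()
    return (
        protocol in ALL_PROTOCOLS
        and int(rule.get("from_port", 0)) == 0
        and int(rule.get("to_port", 0)) == 0
    )


def check_security_group(resource: dict) -> str:
    """Return "FAILED" if any ingress rule is all-traffic from anywhere, else "PASSED".

    Only ingress is examined; an all-traffic egress rule (as in the fix above)
    does not fail this check.
    """
    for rule in resource.get("ingress", []):
        if rule_is_open_to_world(rule) and rule_covers_all_ports(rule):
            return "FAILED"
    return "PASSED"


def scan(resources: list) -> dict:
    """Map each security group name to its check result."""
    return {sg["name"]: check_security_group(sg) for sg in resources}


# Constructed sample: the compliant resource from the fix (HTTP and HTTPS only)...
PASSING_SG = {
    "name": "example",
    "ingress": [
        {"cidr_blocks": ["0.0.0.0/0"], "from_port": 80, "to_port": 80, "protocol": "tcp"},
        {"cidr_blocks": ["0.0.0.0/0"], "from_port": 443, "to_port": 443, "protocol": "tcp"},
    ],
    "egress": [{"cidr_blocks": ["0.0.0.0/0"], "from_port": 0, "to_port": 0, "protocol": "-1"}],
}

# ...and a constructed non-compliant one admitting every protocol and port from anywhere.
FAILING_SG = {
    "name": "wide-open",
    "ingress": [{"cidr_blocks": ["0.0.0.0/0"], "from_port": 0, "to_port": 0, "protocol": "-1"}],
}

if __name__ == "__main__":
    for name, result in scan([PASSING_SG, FAILING_SG]).items():
        print(f"{name}: {result}")
```

Running the module prints `example: PASSED` and `wide-open: FAILED`. Note that the egress block in the compliant resource is intentionally ignored, matching the scope of this check; a separate policy would be needed to constrain outbound traffic.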