Ensure AWS security groups do not allow ingress from 0.0.0.0/0 to port 80
Error: AWS security groups allow ingress from 0.0.0.0/0 to port 80
Bridgecrew Policy ID: BC_AWS_NETWORKING_67
Checkov Check ID: CKV_AWS_260
Severity: LOW
Description
Allowing ingress from 0.0.0.0/0 to port 80 (i.e. the HTTP port) can expose your Amazon Web Services (AWS) resources to potential security threats. This is because 0.0.0.0/0 represents all IP addresses, and allowing traffic from all IP addresses to port 80 can make it easier for attackers to access your resources.
By ensuring that your AWS security groups do not allow ingress from 0.0.0.0/0 to port 80, you can help protect your resources from potential attacks and unauthorized access. Instead, you should specify the IP addresses or ranges of IP addresses that are allowed to access your resources, and only allow traffic from those sources.
Fix - Buildtime
Terraform
resource "aws_security_group" "bar-sg" {
  name   = "sg-bar"
  vpc_id = aws_vpc.main.id

  ingress {
    from_port       = 80
    to_port         = 80
    protocol        = "tcp"
    security_groups = [aws_security_group.foo-sg.id]
    description     = "foo"
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
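The check below is an added example of how the condition this policy describes can be evaluated against a security group's ingress rules, written here for illustration; it is not Checkov's or Bridgecrew's own implementation. It reads rules in the shape the EC2 DescribeSecurityGroups API returns (IpPermissions), and goes beyond the literal "port 80 from 0.0.0.0/0" case by also treating an all-protocol (-1) rule, a TCP port range spanning 80, and the IPv6 equivalent ::/0 as exposing HTTP; the sample groups and their IDs are constructed.

```python
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}   # "anywhere" in IPv4 and IPv6
HTTP_PORT = 80


def rule_exposes_http(rule: dict) -> bool:
    """True if one ingress rule (EC2 IpPermissions shape) opens port 80 to
    the whole internet. Covers cases a naive 'from_port == 80' test misses:
    protocol "-1" (all ports, no port keys), TCP ranges spanning 80, IPv6."""
    proto = str(rule.get("IpProtocol", "")).lower()
    if proto == "-1":
        covers_port = True                      # all protocols, all ports
    elif proto in ("tcp", "6"):
        covers_port = (rule.get("FromPort", 0) <= HTTP_PORT
                       <= rule.get("ToPort", 65535))
    else:
        return False                            # UDP/ICMP etc. cannot carry HTTP
    sources = {r.get("CidrIp") for r in rule.get("IpRanges", [])}
    sources |= {r.get("CidrIpv6") for r in rule.get("Ipv6Ranges", [])}
    return covers_port and bool(sources & OPEN_CIDRS)


def check_security_group(group: dict) -> list:
    """Return the offending ingress rules of one group; empty list = passes."""
    return [r for r in group.get("IpPermissions", []) if rule_exposes_http(r)]


# Constructed sample groups, not real AWS data.
FAILING_SG = {
    "GroupId": "sg-example-fail",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},    # not this check's concern
    ],
}
PASSING_SG = {   # mirrors the Terraform fix: the source is another security group
    "GroupId": "sg-example-pass",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "UserIdGroupPairs": [{"GroupId": "sg-example-foo"}]},
    ],
}

if __name__ == "__main__":
    for sg in (FAILING_SG, PASSING_SG):
        bad = check_security_group(sg)
        print(sg["GroupId"], "FAILED" if bad else "PASSED", f"({len(bad)} offending rule(s))")
```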