Ensure Security Groups are attached to EC2 instances or ENIs

Error: Security Groups are not attached to EC2 instances or ENIs

Bridgecrew Policy ID: BC_AWS_NETWORKING_51
Checkov Check ID: CKV2_AWS_5
Severity: LOW


Description

This check ensures that orphaned Security Groups are not created. Every aws_security_group in the configuration must be referenced by a resource that attaches it, such as an EC2 instance (aws_instance) or an Elastic Network Interface (aws_network_interface). A Security Group that nothing references does not protect anything, but it still accumulates as unmanaged surface in the account and is easy to attach later without review.
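The check above runs at build time against Terraform. The same condition can be verified at runtime against an AWS account, because EC2 instances attach Security Groups through their ENIs, so any group that no network interface references is orphaned. The following is an added example, not code from the original page or from Checkov; it takes lists shaped like the boto3 describe_security_groups and describe_network_interfaces responses, the sample data is constructed, and the fetch_live helper and its region_name parameter are assumptions for feeding it real data.

```python
"""Runtime counterpart of CKV2_AWS_5: find security groups no ENI uses.

Inputs are shaped like the boto3 responses of describe_security_groups and
describe_network_interfaces, so the function can be fed either live data or
the constructed sample below.
"""


def orphaned_security_groups(security_groups, network_interfaces, keep_default=True):
    """Return the sorted IDs of security groups not referenced by any ENI.

    security_groups:    list of dicts with 'GroupId', 'GroupName', 'VpcId'
    network_interfaces: list of dicts whose 'Groups' is a list of {'GroupId': ...}
    keep_default:       skip each VPC's 'default' group, which cannot be deleted
    """
    in_use = {g["GroupId"] for eni in network_interfaces for g in eni.get("Groups", [])}
    orphans = []
    for sg in security_groups:
        if keep_default and sg.get("GroupName") == "default":
            continue
        if sg["GroupId"] not in in_use:
            orphans.append(sg["GroupId"])
    return sorted(orphans)


# Constructed sample data, not taken from a real account.
SAMPLE_SGS = [
    {"GroupId": "sg-0aaa", "GroupName": "default", "VpcId": "vpc-1"},
    {"GroupId": "sg-0bbb", "GroupName": "ok_sg", "VpcId": "vpc-1"},
    {"GroupId": "sg-0ccc", "GroupName": "forgotten_sg", "VpcId": "vpc-1"},
]
SAMPLE_ENIS = [
    # One interface (an instance's primary ENI, for example) uses ok_sg only.
    {"NetworkInterfaceId": "eni-1", "Groups": [{"GroupId": "sg-0bbb"}]},
]


def fetch_live(region_name):
    """Assumed helper: pull the same two lists from a real account with boto3.

    boto3 is imported lazily so the sample above runs without it installed;
    this call needs AWS credentials with ec2:DescribeSecurityGroups and
    ec2:DescribeNetworkInterfaces.
    """
    import boto3

    ec2 = boto3.client("ec2", region_name=region_name)
    sgs = [sg for page in ec2.get_paginator("describe_security_groups").paginate()
           for sg in page["SecurityGroups"]]
    enis = [eni for page in ec2.get_paginator("describe_network_interfaces").paginate()
            for eni in page["NetworkInterfaces"]]
    return sgs, enis


if __name__ == "__main__":
    print(orphaned_security_groups(SAMPLE_SGS, SAMPLE_ENIS))  # ['sg-0ccc']
```

The default group is skipped because AWS does not allow deleting it; pass keep_default=False to list it anyway, for example when auditing whether the default group still carries permissive rules.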

Fix - Buildtime

Terraform

  • Resource: aws_network_interface, aws_instance, aws_security_group
  • Argument: security_groups of aws_network_interface; vpc_security_group_ids of aws_instance (its security_groups argument takes group names, not IDs, and only applies outside a VPC)
resource "aws_network_interface" "test" {
  subnet_id       = aws_subnet.public_a.id          # reference, not a quoted string
  security_groups = [aws_security_group.ok_sg.id]   # attaches ok_sg to the ENI
}

resource "aws_instance" "test" {
  ami                    = data.aws_ami.ubuntu.id   # reference, not a quoted string
  instance_type          = "t3.micro"
  vpc_security_group_ids = [aws_security_group.ok_sg.id]  # in a VPC attach by ID; security_groups expects names
}

resource "aws_security_group" "ok_sg" {
  name        = "ok_sg"
  description = "HTTPS ingress; referenced by the ENI and instance above"
  vpc_id      = aws_subnet.public_a.vpc_id          # same VPC as the subnet the ENI lives in

  ingress {
    description = "HTTPS from anywhere (narrow to your VPC CIDR if only internal clients need it)"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]                     # must be a list of strings
  }
}
