Ensure Transfer Server is not exposed publicly

Error: Transfer Server is publicly exposed

Bridgecrew Policy ID: BC_AWS_NETWORKING_57
Checkov Check ID: CKV_AWS_164
Severity: MEDIUM

Transfer Server is publicly exposed

Description

By ensuring that your Azure Transfer Server is not public, you can help protect your data from unauthorized access or tampering. Public Azure Transfer Servers are accessible over the internet, which can make them vulnerable to external threats such as hackers or malware. By making it private, you can help ensure that only authorized users can access the data.

Fix - Buildtime

Terraform

  • Resource: aws_transfer_server
  • Argument: endpoint_type
resource "aws_transfer_server" "test" {
  + endpoint_type = "VPC"
    protocols   = ["SFTP"]
}

CloudFormation

  • Resource: AWS::Transfer::Server
  • Argument: Properties.EndpointType
Resources: 
  VPC:
    Type: AWS::Transfer::Server
    Properties: 
    	...
+     EndpointType: "VPC" # or "VPC_ENDPOINT"