Jump to Content

Platform Resources Sign in Sign Up

Networking Policies

How to Use this Page

This page lists the AWS Networking Policies that Bridgecrew helps you enforce. You can browse this page, or search for a specific policy ID or short title. For each policy, press the link for more details about a policy and its fix options.

Ensure AWS Security Group does not allow all traffic on SSH port 22
Policy ID: BC_AWS_NETWORKING_1

Ensure Security Groups do not allow ingress from 0.0.0.0/0 to port 3389
Policy ID: BC_AWS_NETWORKING_2

Ensure AWS Default Security Group restricts all traffic
Policy ID: BC_AWS_NETWORKING_4

Ensure VPC peering routing tables have least access
Policy ID: BC_AWS_NETWORKING_5

Ensure EC2 instances do not have security groups attached
Policy ID: BC_AWS_NETWORKING_6

Ensure AWS VPC endpoints are not exposed
Policy ID: BC_AWS_NETWORKING_9

Ensure Security Groups do not have unrestricted access
Policy ID: BC_AWS_NETWORKING_10

Ensure Security Groups accept traffic only from ports 80 and 443
Policy ID: BC_AWS_NETWORKING_11

Ensure EC2 instance does not have unrestricted security group attached
Policy ID: BC_AWS_NETWORKING_12

Ensure RDS database does not have unrestricted security group attached
Policy ID: BC_AWS_NETWORKING_13

Ensure network interface does not have unrestricted security group attached
Policy ID: BC_AWS_NETWORKING_14

Ensure classical load balancer does not have unrestricted security group attached
Policy ID: BC_AWS_NETWORKING_15

Ensure application load balancer does not have unrestricted security group attached
Policy ID: BC_AWS_NETWORKING_16

Ensure Security Group attached to EC2 instance does not allow inbound traffic from all to TCP port 9300 (Elasticsearch)
Policy ID: BC_AWS_NETWORKING_17

Ensure Security Group attached to EC2 instance does not allow inbound traffic from all to TCP port 5601 (Kibana)
Policy ID: BC_AWS_NETWORKING_18

Ensure Security Group attached to EC2 instance does not allow inbound traffic from all to TCP port 6379 (Redis)
Policy ID: BC_AWS_NETWORKING_19

Ensure Security Group attached to EC2 instance does not allow inbound traffic from all to TCP port 2379 (etcd)
Policy ID: BC_AWS_NETWORKING_20

Ensure Security Group attached to EC2 instance does not allow inbound traffic from all to TCP 27017 (MongoDB)
Policy ID: BC_AWS_NETWORKING_21

Ensure Security Group attached to EC2 instance does not allow inbound traffic from all to TCP 27018 (MongoDB)
Policy ID: BC_AWS_NETWORKING_22

Ensure Security Group attached to ELB instance does not allow inbound traffic from all to TCP 27017 (MongoDB)
Policy ID: BC_AWS_NETWORKING_23

Ensure Security Group attached to ELB instance does not allow inbound traffic from all to TCP 27018 (MongoDB)
Policy ID: BC_AWS_NETWORKING_24

Ensure Security Group attached to application load balancer instance does not allow inbound traffic from all to TCP 27017 (MongoDB)
Policy ID: BC_AWS_NETWORKING_25

Ensure Security Group attached to application load balancer instance does not allow inbound traffic from all to TCP 27018 (MongoDB)
Policy ID: BC_AWS_NETWORKING_26

Do not use default settings of a VPC
Policy ID: BC_AWS_NETWORKING_27

Ensure Internet-facing ELBs are whitelisted
Policy ID: BC_AWS_NETWORKING_28

Ensure ALB protocol is HTTPS
Violation ID: BC_AWS_NETWORKING_29

Ensure every Security Group rule has a description
Policy ID: BC_AWS_NETWORKING_31

Ensure CloudFront distribution ViewerProtocolPolicy is set to HTTPS
Policy ID: BC_AWS_NETWORKING_32

Ensure CloudFront distributions do not use deprecated SSL protocols
Policy ID: BC_AWS_NETWORKING_33

Ensure ELBs do not allow insecure SSL protocols or ciphers
Policy ID: BC_AWS_NETWORKING_34

Ensure EC2 instances behind load balancers are not publicly accessible
Policy ID: BC_AWS_NETWORKING_35

Ensure ELBs use SSL listeners
Policy ID: BC_AWS_NETWORKING_36

Ensure DocDB TLS is not disabled
Policy ID: BC_AWS_NETWORKING_37

Ensure AWS SageMaker notebook instance is configured with direct internet access feature
Policy ID: BC_AWS_NETWORKING_38

VPC endpoint service is configured for manual acceptance
Policy ID: BC_AWS_NETWORKING_39

Ensure Amazon EMR clusters' security groups are not open to the world
Policy ID: BC_AWS_NETWORKING_40

Ensure that ALB drops HTTP headers
Policy ID: BC_AWS_NETWORKING_41

Ensure that Elasticsearch is configured inside a VPC
Policy ID: BC_AWS_NETWORKING_42

Ensure ELB has cross-zone-load-balancing enabled
Policy ID: BC_AWS_NETWORKING_43

AWS Redshift Clusters Should Not Be Publicly Accessible
Policy ID: BC_AWS_NETWORKING_44

Ensure auto scaling groups associated with a load balancer use elastic load balancing health checks
Policy ID: BC_AWS_NETWORKING_46

Ensure AWS EC2 instance is configured with VPC
Policy ID: BC_AWS_NETWORKING_47

Ensure all EIP addresses allocated to a VPC are attached to EC2 instances or NAT Gateways
Policy ID: BC_AWS_NETWORKING_48

Ensure ALB redirects HTTP requests into HTTPS ones
Policy ID: BC_AWS_NETWORKING_49

Ensure all NACL are attached to subnets
Policy ID: BC_AWS_NETWORKING_50

Ensure Security Groups are attached to EC2 instances or ENIs
Policy ID: BC_AWS_NETWORKING_51

Ensure S3 Bucket has public access blocks
Policy ID: BC_AWS_NETWORKING_52

Ensure VPC subnets do not assign public IP by default
Policy ID: BC_AWS_NETWORKING_53

Ensure no default VPC is planned to be provisioned
Policy ID: BC_AWS_NETWORKING_54

Ensure that Load Balancer (Network/Gateway) has cross-zone load balancing enabled
Policy ID: BC_AWS_NETWORKING_55

Ensure Redshift is not deployed outside of a VPC
Policy ID: BC_AWS_NETWORKING_56

Ensure Transfer Server is not exposed publicly
Policy ID: BC_AWS_NETWORKING_57

Ensure public facing ALB are protected by WAF
Policy ID: BC_AWS_NETWORKING_58

Ensure public API gateway are protected by WAF
Policy ID: BC_AWS_NETWORKING_59

Security Group modifications detected
Policy ID: BC_AWS_ALERT_3

Updated over 1 year ago