Ensure Security Groups accept traffic only from ports 80 and 443
Error: Security Groups do not accept traffic only from ports 80 and 443
Bridgecrew Policy ID: BC_AWS_NETWORKING_11
If you host a public asset, such as a website on an EC2 instance, the only inbound traffic the instance's security group should accept from the internet is HTTP (TCP port 80) and HTTPS (TCP port 443). For HTTP, add an inbound rule for TCP port 80 with source 0.0.0.0/0; for HTTPS, add an inbound rule for TCP port 443 with source 0.0.0.0/0. Those two sources cover IPv4 only: if the instance also has an IPv6 address, add matching rules with source ::/0, and include IPv6 rules when you audit, because a rule open to ::/0 on some other port is just as exposed as one open to 0.0.0.0/0. Administrative ports such as SSH (22) and RDP (3389) should never be open to 0.0.0.0/0 or ::/0; restrict them to known source CIDRs, or reach the instance through AWS Systems Manager Session Manager and open no administrative port at all.
We recommend you restrict unwanted traffic to internet-facing EC2 instances by opening only the web ports. Better still, place an AWS Elastic Load Balancer (ELB) in front of the instances: the load balancer's security group is then the only one that needs rules from 0.0.0.0/0, and the instances' security group can allow ports 80 and 443 only from the load balancer's security group instead of from the internet, so the instances are never directly reachable. ELB is also the standard building block for distributing incoming requests across your backend instances.
Fix - Runtime
Do not allow global access (source 0.0.0.0/0 or ::/0) to any port of an EC2 instance's security group other than 80 and 443. Review each security group's inbound rules in the EC2 console or with `aws ec2 describe-security-groups`, and remove every rule whose source is 0.0.0.0/0 or ::/0 and whose port is not TCP 80 or TCP 443 with `aws ec2 revoke-security-group-ingress`. Rules whose source is a specific CIDR, a prefix list or another security group are not global access and are not covered by this policy.
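The following is an added example, not Bridgecrew's own policy implementation, that evaluates the check described above offline against the JSON returned by `aws ec2 describe-security-groups` (or boto3's `describe_security_groups`) and prints the exact revoke command for each offending rule. It assumes "ports 80 and 443" means TCP, that only sources 0.0.0.0/0 and ::/0 count as global access, and that a port range must be exactly one allowed port (80-443 is flagged because it includes everything in between). The security group IDs and the sample response are constructed for the example.

```python
"""Evaluate security groups against the rule: nothing world-open except TCP 80/443."""
from __future__ import annotations

import ipaddress
import json
from dataclasses import dataclass

ALLOWED_PUBLIC_TCP_PORTS = {80, 443}  # assumption: the policy intends the TCP web ports
WORLD = {ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")}


@dataclass(frozen=True)
class Violation:
    group_id: str
    protocol: str
    from_port: int | None  # None when IpProtocol is "-1" (all traffic)
    to_port: int | None
    cidr: str


def is_world_open(cidr: str) -> bool:
    """True only for the IPv4 or IPv6 'anywhere' CIDR (prefix length 0)."""
    return ipaddress.ip_network(cidr, strict=False) in WORLD


def permission_is_allowed(perm: dict) -> bool:
    """Allowed only if the rule is exactly TCP/80 or TCP/443, not a wider range."""
    proto = str(perm.get("IpProtocol", "-1"))
    if proto not in ("tcp", "6"):
        return False  # "-1" (all traffic), udp, icmp: never a web port
    from_port, to_port = perm.get("FromPort"), perm.get("ToPort")
    return from_port == to_port and from_port in ALLOWED_PUBLIC_TCP_PORTS


def find_violations(describe_output: dict) -> list[Violation]:
    """Walk every group's IpPermissions; only world-reachable sources are findings."""
    found = []
    for group in describe_output.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            if permission_is_allowed(perm):
                continue
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            # UserIdGroupPairs and PrefixListIds are never 0.0.0.0/0, so they are skipped.
            for cidr in sources:
                if is_world_open(cidr):
                    found.append(Violation(group["GroupId"], str(perm.get("IpProtocol", "-1")),
                                           perm.get("FromPort"), perm.get("ToPort"), cidr))
    return found


def revoke_command(v: Violation) -> str:
    """The aws-cli call that removes exactly this rule and leaves the others intact."""
    perm: dict = {"IpProtocol": v.protocol}
    if v.from_port is not None:
        perm["FromPort"], perm["ToPort"] = v.from_port, v.to_port
    is_v6 = ":" in v.cidr
    perm["Ipv6Ranges" if is_v6 else "IpRanges"] = [{"CidrIpv6" if is_v6 else "CidrIp": v.cidr}]
    return (f"aws ec2 revoke-security-group-ingress --group-id {v.group_id} "
            f"--ip-permissions '{json.dumps([perm], separators=(',', ':'))}'")


# Constructed sample shaped like `aws ec2 describe-security-groups` output (IDs are made up).
SAMPLE = {
    "SecurityGroups": [
        {
            "GroupId": "sg-0123456789abcdef0",
            "GroupName": "web",
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
                # SSH from the world: the finding this policy exists for
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "203.0.113.0/24"}]},
                # all traffic from anywhere over IPv6, easy to miss in an IPv4-only review
                {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
                # traffic from another security group (e.g. a load balancer) is not global access
                {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080, "IpRanges": [],
                 "UserIdGroupPairs": [{"GroupId": "sg-0fedcba9876543210"}]},
            ],
        }
    ]
}

if __name__ == "__main__":
    for v in find_violations(SAMPLE):
        print(f"{v.group_id}: {v.protocol} {v.from_port}-{v.to_port} open to {v.cidr}")
        print("  " + revoke_command(v))
```

Run against a real account with `aws ec2 describe-security-groups --output json > sgs.json` and load that file in place of SAMPLE; the emitted `revoke-security-group-ingress` commands remove only the offending source from each rule, so the 203.0.113.0/24 SSH entry in the sample survives while the 0.0.0.0/0 entry is dropped.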