Not every Security Group rule has a description

Description

This policy ensures that each security group rule has a description to help identify the purpose of the rule. Descriptions improve the manageability and understanding of security group rules.

Code Example

resource "aws_security_group" "examplea" {
  name        = var.es_domain
  description = "Allow inbound traffic to ElasticSearch from VPC CIDR"
  vpc_id      = var.vpc


  ingress {
    cidr_blocks = ["10.0.0.0/16"]
   + description = "What does this rule enable"
    from_port   = 80
    protocol    = "tcp"
    to_port     = 80
  }
}

Remediation

Terraform

Add a description to your ingress or egress rule.

Rule Details

Field	Value
ID	IAC-0077
Severity	LOW
IaC Type	Cloudformation
Frameworks	CloudFormation, Terraform, TerraformPlan, Serverless
Checkov ID	CKV_AWS_23

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Not every Security Group rule has a description

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

Not every Security Group rule has a description ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

Not every Security Group rule has a description

Description

Code Example

Remediation

Rule Details

References