AWS Security Group allows all traffic on all ports
Description
An AWS security group that allows all ingress traffic on all ports from any source (`0.0.0.0/0`) permits unrestricted internet access to the attached instances. Make sure that each ingress rule defines exactly the ports it needs to open.
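As an added example (not Checkov's implementation and not code from this page), the following Python evaluates parsed `aws_security_group` resources for the condition this rule describes: a source of `0.0.0.0/0` or `::/0` combined with `from_port`/`to_port` of `-1`. It generalizes slightly beyond the page's case: protocol `-1` (all traffic) and an explicit `0`-`65535` range are also treated as "all ports". The dict layout of the input and the two sample resources are constructed for this example.

```python
# Added example, not Checkov's or the page's own implementation: a minimal
# evaluator for the IAC-0325 / CKV_AWS_277 condition over parsed security groups.
# The dict shape (one key per HCL attribute, ingress as a list of blocks) is an
# assumption made for this example.

ANY_SOURCE = {"0.0.0.0/0", "::/0"}


def opens_all_ports(rule: dict) -> bool:
    """True when an ingress block covers every port.

    The page's failing case is from_port/to_port == -1. As an added
    generalization, protocol "-1" (all traffic, which AWS pairs with
    ports 0/0) and an explicit 0-65535 range are also treated as all ports.
    """
    if str(rule.get("protocol", "")) == "-1":
        return True
    from_port = rule.get("from_port")
    to_port = rule.get("to_port")
    if from_port == -1 or to_port == -1:
        return True
    return from_port == 0 and to_port == 65535


def world_reachable(rule: dict) -> bool:
    """True when the block's IPv4 or IPv6 source list includes an 'any' CIDR."""
    sources = set(rule.get("cidr_blocks", [])) | set(rule.get("ipv6_cidr_blocks", []))
    return bool(sources & ANY_SOURCE)


def unrestricted_ingress(resource: dict) -> list:
    """Return the ingress blocks of one aws_security_group that fail the check."""
    blocks = resource.get("ingress", [])
    if isinstance(blocks, dict):  # a single block may be parsed as one dict
        blocks = [blocks]
    return [b for b in blocks if world_reachable(b) and opens_all_ports(b)]


def evaluate(name: str, resource: dict) -> str:
    """Return a one-line verdict in the style of a scanner finding."""
    failing = unrestricted_ingress(resource)
    if not failing:
        return f"PASSED CKV_AWS_277 aws_security_group.{name}"
    return (
        f"FAILED CKV_AWS_277 aws_security_group.{name}: "
        f"{len(failing)} ingress block(s) open all ports to the internet"
    )


# Constructed samples: the "before" and "after" states of the page's code example.
BEFORE = {
    "name": "allow-all-ingress",
    "ingress": [
        {"cidr_blocks": ["0.0.0.0/0"], "from_port": -1, "to_port": -1, "protocol": "tcp"}
    ],
}
AFTER = {
    "name": "allow-all-ingress",
    "ingress": [
        {"cidr_blocks": ["0.0.0.0/0"], "from_port": 443, "to_port": 443, "protocol": "tcp"}
    ],
}


if __name__ == "__main__":
    print(evaluate("before", BEFORE))  # FAILED ...
    print(evaluate("after", AFTER))    # PASSED ...
```

Note that the remediated resource still exposes port 443 to every source; the check only verifies that the port range is bounded, so whether `0.0.0.0/0` is acceptable for a given port remains a separate design decision.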
Code Example
```diff
resource "aws_security_group" "example" {
name = "allow-all-ingress"
ingress {
cidr_blocks = ["0.0.0.0/0"]
- from_port = -1
- to_port = -1
+ from_port = 443
+ to_port = 443
protocol = "tcp"
}
}
```
Remediation
Terraform
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0325 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AWS_277 |