OCI VCN has no inbound security list
Description
This policy identifies the OCI Virtual Cloud Networks (VCN) that lack ingress rules configured in their security lists. It is recommended that Virtual Cloud Networks (VCN) security lists are configured with ingress rules which provide stateful and stateless firewall capability to control network access to your instances.
Code Example
go
resource "oci_core_security_list" "pass" {
compartment_id = oci_identity_compartment.tf-compartment.id
vcn_id = oci_core_vcn.test_vcn.id
+ ingress_security_rules {
+ protocol = "all"
+ source="192.168.1.0/24"
+ }
}Remediation
- OCI Console*
. Login to the OCI Console
. Type the resource reported in the alert into the Search box at the top of the Console.
. Click the resource reported in the alert from the Resources submenu
. Click on Ingress rules
. Click on Add Ingress Rules (To add ingress rules appropriately in the pop up)
. Click on Add Ingress Rules === Fix - Buildtime
Terraform
- Resource: oci_core_security_list
- Arguments: vcn_id + ingress_security_rules
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1243 |
| Severity | INFO |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_OCI_16 |