Ensure Tencent Cloud VPC security group rules do not accept all traffic

Description

This policy checks whether Tencent Cloud VPC security group rules accept all traffic. It is essential to restrict incoming traffic to only necessary sources to prevent unauthorized access to resources. Allowing all traffic can lead to security breaches and data exposure. By limiting ingress traffic, you can significantly reduce the attack surface of your infrastructure.

Code Example

```terraform
resource "tencentcloud_security_group_rule_set" "example" {
  # security_group_id is required by the resource; placeholder value
  security_group_id = "sg-xxxxxxxx"

  ingress {
    # Restricted source range rather than 0.0.0.0/0
    cidr_block = "10.0.0.0/16"
    action     = "ACCEPT"
  }
}
```

Remediation

Ensure the security group rule does not accept all traffic by specifying a restricted CIDR block or IPv6 CIDR block.
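The following Python function is an added illustration of the check this policy describes; it is not Checkov's own implementation. It walks the `ingress` blocks of a `tencentcloud_security_group_rule_set` resource (attribute names `action`, `cidr_block` and `ipv6_cidr_block` as used by the provider) and flags any ACCEPT rule whose source is a /0 network, which generalizes the 0.0.0.0/0 and ::/0 cases. The resource dictionaries are constructed samples.

```python
import ipaddress
from typing import Any


def _covers_all(cidr: str) -> bool:
    """True if the CIDR matches every address: 0.0.0.0/0, ::/0 or any /0."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False  # unparsable value; a separate syntax check should catch it


def rule_set_accepts_all_traffic(resource: dict[str, Any]) -> bool:
    """Return True if any ingress rule with action ACCEPT admits all traffic.

    `resource` is a constructed dict mirroring the Terraform attributes:
    a list of `ingress` blocks, each with `action` and a `cidr_block`
    or `ipv6_cidr_block`. Rules without a CIDR are not judged here.
    """
    for rule in resource.get("ingress", []):
        if str(rule.get("action", "")).upper() != "ACCEPT":
            continue  # DROP rules do not widen exposure
        for key in ("cidr_block", "ipv6_cidr_block"):
            if key in rule and _covers_all(str(rule[key])):
                return True
    return False


def evaluate(resource: dict[str, Any]) -> str:
    """Map the boolean finding to the PASSED/FAILED result a scanner reports."""
    return "FAILED" if rule_set_accepts_all_traffic(resource) else "PASSED"


# Constructed sample resources
COMPLIANT = {"ingress": [{"cidr_block": "10.0.0.0/16", "action": "ACCEPT"}]}
NON_COMPLIANT = {"ingress": [
    {"cidr_block": "10.0.0.0/16", "action": "ACCEPT"},
    {"cidr_block": "0.0.0.0/0", "action": "ACCEPT"},  # the open rule
]}
IPV6_OPEN = {"ingress": [{"ipv6_cidr_block": "::/0", "action": "ACCEPT"}]}
DROP_ALL = {"ingress": [{"cidr_block": "0.0.0.0/0", "action": "DROP"}]}

if __name__ == "__main__":
    for name, res in [("COMPLIANT", COMPLIANT), ("NON_COMPLIANT", NON_COMPLIANT),
                      ("IPV6_OPEN", IPV6_OPEN), ("DROP_ALL", DROP_ALL)]:
        print(f"{name}: {evaluate(res)}")
```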

Rule Details

| Field | Value |
|---|---|
| ID | IAC-1325 |
| Severity | HIGH |
| IaC Type | Terraform |
| Frameworks | tencentcloud_security_group_rule_set |
| Checkov ID | CKV_TC_8 |

References