Risk Level: High
Cloud Entity: AWS EC2 SecurityGroup
CloudGuard Rule ID: D9.CFT.NET.25
Covered by Spectral: Yes
Category: Security, Identity, & Compliance
AWS_EC2_SecurityGroup should not have SecurityGroupIngress contain-any [ CidrIp='0.0.0.0/0' and FromPort>=2379 and ToPort<=2379 ]
SecurityGroupIngress.CidrIp property to a restrictive IP address or IP range.
A Security group acts as a virtual firewall for your EC2 instances to control incoming and outgoing traffic. Inbound rules control the incoming traffic to your instance, and outbound rules control the outgoing traffic from your instance. When you launch an instance, you can specify one or more security groups. AWS::EC2::SecurityGroup Specifies a security group. To create a security group, use the VpcId property to specify the VPC for which to create the security group.
- AWS CloudFormation ruleset
Updated 3 months ago