Ensure that every security group ingress object has a description

Security group ingress defines security rule to allow or restrict inbound traffic. Not having appropriate description may make the security group rules hard to understand and maintain.

Suggest Edits

Risk Level: Informational
Cloud Entity: AWS Security Group
CloudGuard Rule ID: D9.CFT.OPE.16
Covered by Spectral: No
Category: Networking & Content Delivery

GSL LOGIC

AWS_EC2_SecurityGroupIngress should have Description

REMEDIATION

From CFT
Set AWS::EC2::SecurityGroupIngress Description property to an appropriate description.

References

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-ingress.html#cfn-ec2-security-group-ingress-description

AWS Security Group

A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign up to five security groups to the instance. Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in your VPC could be assigned to a different set of security groups. If you don't specify a particular group at launch time, the instance is automatically assigned to the default security group for the VPC.

Compliance Frameworks

AWS CloudFormation ruleset

Updated about 1 year ago