Ensure that every security group egress object has a description

Security group egress defines security rule to allow or restrict outbound traffic. Not having appropriate description may make the security group rules hard to understand and maintain.

Risk Level: Informational
Cloud Entity: AWS EC2 SecurityGroupEgress
CloudGuard Rule ID: D9.CFT.OPE.17
Covered by Spectral: No
Category: Security, Identity, & Compliance


AWS_EC2_SecurityGroupEgress should have Description


From CFT
Set AWS::EC2::SecurityGroupEgress Description property to an appropriate description.


  1. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-egress.html#cfn-ec2-securitygroupegress-description

AWS EC2 SecurityGroupEgress

SecurityGroupEgress Adds the specified egress rules to a security group for use with a VPC. Use AWS::EC2::SecurityGroupIngress and AWS::EC2::SecurityGroupEgress only when necessary, typically to allow security groups to reference each other in ingress and egress rules. Otherwise, use the embedded ingress and egress rules of the security group.

Compliance Frameworks

  • AWS CloudFormation ruleset