Risk Level: Informational
Cloud Entity: AWS EC2 SecurityGroup
CloudGuard Rule ID: D9.CFT.OPE.20
Covered by Spectral: Yes
Category: Security, Identity, & Compliance
AWS_EC2_SecurityGroup should not have ( SecurityGroupEgress with [ Description isEmpty() ] and SecurityGroupIngress with [ Description isEmpty() ])
- Add a description to your ingress or egress rules.
- Use the property 'Description' in the rule for both AWS::EC2::SecurityGroup Egress and AWS::EC2::SecurityGroup Ingress.
Resources: InstanceSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: "What is the purpose of this Security Group" SecurityGroupIngress: ... Description : "What does this rule allow" ... SecurityGroupEgress: ... Description : "What does this rule allow" ...
A Security group acts as a virtual firewall for your EC2 instances to control incoming and outgoing traffic. Inbound rules control the incoming traffic to your instance, and outbound rules control the outgoing traffic from your instance. When you launch an instance, you can specify one or more security groups. AWS::EC2::SecurityGroup Specifies a security group. To create a security group, use the VpcId property to specify the VPC for which to create the security group.
- AWS CloudFormation ruleset
Updated 3 months ago