Security Group With Unrestricted Access To SSH

• Query id: 57ced4b9-6ba4-487b-8843-b65562b90c77
• Query name: Security Group With Unrestricted Access To SSH
• Platform: Ansible
• Severity: High
• Category: Networking and Firewall
• URL: Github

Description

'SSH' (TCP:22) should not be public in AWS Security Group
Documentation

Code samples

Code samples with security vulnerabilities

Postitive test num. 1 - yaml file

- name: example ec2 group
  amazon.aws.ec2_group:
    name: example
    description: an example EC2 group
    vpc_id: 12345
    region: eu-west-1
    rules:
      - proto: tcp
        from_port: 22
        to_port: 22
        cidr_ip: 79.32.0.0/12
      - proto: tcp
        from_port: -1
        to_port: -1
        cidr_ip: 79.32.0.0/12
      - proto: tcp
        from_port: 22
        to_port: 22
        cidr_ipv6: 2607:F8B0::/24

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

- name: example ec2 group v2
  amazon.aws.ec2_group:
    name: example
    description: an example EC2 group
    vpc_id: 12345
    region: eu-west-1
    rules:
    - proto: tcp
      from_port: 80
      to_port: 80
      cidr_ip: 79.32.0.0/8
    - proto: tcp
      from_port: 80
      to_port: 80
      cidr_ipv6: 64:ff9b::/96