Public Port Wide

• Query id: 71ea648a-d31a-4b5a-a589-5674243f1c33
• Query name: Public Port Wide
• Platform: Ansible
• Severity: High
• Category: Networking and Firewall
• CWE: 285
• URL: Github

Description

AWS Security Group should not have public port wide
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

- name: example ec2 group
  amazon.aws.ec2_group:
    name: example
    description: an example EC2 group
    vpc_id: 12345
    region: eu-west-1
    rules:
      - proto: tcp
        from_port: 80
        to_port: 82
        cidr_ip: 0.0.0.0/0
      - proto: tcp
        from_port: 2
        to_port: 22
        cidr_ipv6: ::/0

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

- name: example ec2 group v2
  amazon.aws.ec2_group:
    name: example
    description: an example EC2 group
    vpc_id: 12345
    region: eu-west-1
    rules:
    - proto: tcp
      from_port: 80
      to_port: 80
      cidr_ip: 0.0.0.0/0
    - proto: tcp
      from_port: 22
      to_port: 22
      cidr_ip: 10.0.0.0/8