Unrestricted Security Group Ingress
- Query id: 83c5fa4c-e098-48fc-84ee-0a537287ddd2
- Query name: Unrestricted Security Group Ingress
- Platform: Ansible
- Severity: High
- Category: Networking and Firewall
- CWE: 668
- URL: Github
Description¶
Security groups allow ingress from 0.0.0.0/0
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
---
- name: example1
amazon.aws.ec2_group:
name: example1
description: an example EC2 group
vpc_id: 12345
region: eu-west-1
rules:
- proto: tcp
ports:
- 80
- 443
- 8080-8099
cidr_ip: 0.0.0.0/0
- name: example2
amazon.aws.ec2_group:
name: example2
description: an example EC2 group
vpc_id: 12345
region: eu-west-1
rules:
- proto: tcp
ports:
- 80
- 443
- 8080-8099
cidr_ip:
- 0.0.0.0/0
- name: example3
amazon.aws.ec2_group:
name: example3
description: an example EC2 group
vpc_id: 12345
region: eu-west-1
rules:
- proto: tcp
ports:
- 80
- 443
- 8080-8099
cidr_ipv6: ::/0
- name: example4
amazon.aws.ec2_group:
name: example4
description: an example EC2 group
vpc_id: 12345
region: eu-west-1
rules:
- proto: tcp
ports:
- 80
- 443
- 8080-8099
cidr_ipv6:
- ::/0
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml file
- name: example1
amazon.aws.ec2_group:
name: example1
description: an example EC2 group
vpc_id: 12345
region: eu-west-1
rules:
- proto: tcp
ports:
- 80
- 443
- 8080-8099
cidr_ip: 172.16.17.0/24
- name: example2
amazon.aws.ec2_group:
name: example2
description: an example EC2 group
vpc_id: 12345
region: eu-west-1
rules:
- proto: tcp
ports:
- 80
- 443
- 8080-8099
cidr_ip:
- 172.16.1.0/24
- name: example3
amazon.aws.ec2_group:
name: example3
description: an example EC2 group
vpc_id: 12345
region: eu-west-1
rules:
- proto: tcp
ports:
- 80
- 443
- 8080-8099
cidr_ipv6: 2607:F8B0::/32
- name: example4
amazon.aws.ec2_group:
name: example4
description: an example EC2 group
vpc_id: 12345
region: eu-west-1
rules:
- proto: tcp
ports:
- 80
- 443
- 8080-8099
cidr_ipv6:
- 64:ff9b::/96
- 2607:F8B0::/32