DB Security Group Has Public Interface
- Query id: f0d8781f-99bf-4958-9917-d39283b168a0
- Query name: DB Security Group Has Public Interface
- Platform: Terraform
- Severity: High
- Category: Insecure Configurations
- CWE: 668
- URL: Github
Description
The CIDR IP of a DB security group ingress rule should not be a public interface, such as 0.0.0.0/0.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
resource "aws_db_security_group" "positive1" {
  name = "rds_sg"

  ingress {
    cidr = "0.0.0.0/0"
  }
}
Positive test num. 2 - tf file
resource "aws_db_security_group" "positive1" {
  name = "rds_sg"

  ingress {
    cidr = "10.0.0.0/8"
  }

  ingress {
    cidr = "0.0.0.0/0"
  }
}
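The same condition can be checked against a Terraform plan before apply. The following is an added example, not the query's own code: it reads the JSON produced by `terraform show -json` and reports every `aws_db_security_group` ingress `cidr` that is not contained in an RFC 1918 range. Treating every non-RFC 1918 range as public is this example's assumption (the samples above only show 0.0.0.0/0), and the plan data and the `internal` and `web` resources are constructed.

```python
import ipaddress
import json

# RFC 1918 private ranges. Anything not fully inside one of them is treated as
# public (an assumption of this example; the page's samples only show 0.0.0.0/0).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_public_cidr(cidr):
    """Return True if the CIDR is not fully inside an RFC 1918 range."""
    try:
        net = ipaddress.ip_network(cidr, strict=False)
    except ValueError:
        return True  # unparseable value: fail closed and report it
    if net.version != 4:
        return True  # DB security groups take IPv4 ranges; report anything else
    return not any(net.subnet_of(p) for p in PRIVATE_NETS)


def find_public_db_ingress(plan):
    """Return (resource address, cidr) for each public ingress rule in a plan."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_db_security_group":
            continue
        after = (rc.get("change") or {}).get("after") or {}
        for rule in after.get("ingress") or []:
            cidr = rule.get("cidr")  # None when the rule references a group
            if cidr and is_public_cidr(cidr):
                findings.append((rc["address"], cidr))
    return findings


# Constructed sample in the shape of `terraform show -json` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_db_security_group.positive1", "type": "aws_db_security_group",
   "change": {"after": {"name": "rds_sg",
     "ingress": [{"cidr": "10.0.0.0/8"}, {"cidr": "0.0.0.0/0"}]}}},
  {"address": "aws_db_security_group.internal", "type": "aws_db_security_group",
   "change": {"after": {"name": "rds_internal",
     "ingress": [{"cidr": "192.168.10.0/24"},
                 {"cidr": null, "security_group_name": "app"}]}}},
  {"address": "aws_security_group.web", "type": "aws_security_group",
   "change": {"after": {"ingress": [{"cidr_blocks": ["0.0.0.0/0"]}]}}}
]}
""")

if __name__ == "__main__":
    for address, cidr in find_public_db_ingress(SAMPLE_PLAN):
        print(f"{address}: public ingress cidr {cidr}")
```

Values that are only known after apply do not appear under `change.after`, so a rule whose `cidr` is computed at apply time is not evaluated by this check.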