EC2 Instance Using Default Security Group
- Query id: f1adc521-f79a-4d71-b55b-a68294687432
- Query name: EC2 Instance Using Default Security Group
- Platform: Terraform
- Severity: Medium
- Category: Access Control
- CWE: 732
- URL: Github
Description
EC2 instances should not use default security group(s)
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
resource "aws_instance" "positive1" {
  ami           = data.aws_ami.ubuntu.id
  instance_type = "t3.micro"

  tags = {
    Name = "HelloWorld"
  }

  security_groups = [aws_security_group.default.id]
}
Positive test num. 2 - tf file
resource "aws_instance" "positive2" {
  ami                    = "ami-003634241a8fcdec0"
  instance_type          = "t2.micro"
  vpc_security_group_ids = [aws_security_group.default.id]
}
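
For contrast with the samples above, here is a configuration that attaches a dedicated, narrowly scoped security group to the instance and strips all rules from the VPC's default group. This is an added example, not one of the query's own test files; every resource name, variable, port and description in it is an assumption chosen for illustration.

```hcl
# Added example: all names and variables below are hypothetical.
variable "vpc_id" { type = string }
variable "subnet_id" { type = string }
variable "ami_id" { type = string }
variable "client_cidr" {
  type        = string
  description = "Only network range allowed to reach the instance"
}

# Dedicated group: only the traffic this workload needs.
resource "aws_security_group" "app_sg" {
  name        = "app-server-sg"
  description = "Dedicated group for the app server"
  vpc_id      = var.vpc_id

  ingress {
    description = "HTTPS from the client range only"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [var.client_cidr]
  }

  egress {
    description = "Outbound HTTPS"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Adopt the VPC's default group and declare no ingress/egress blocks,
# so Terraform removes every rule from it. Anything that still falls
# back to the default group then gets no connectivity from it.
resource "aws_default_security_group" "lockdown" {
  vpc_id = var.vpc_id
}

# The instance references the dedicated group, never the default one.
resource "aws_instance" "app_server" {
  ami                    = var.ami_id
  instance_type          = "t3.micro"
  subnet_id              = var.subnet_id
  vpc_security_group_ids = [aws_security_group.app_sg.id]
}
```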