DB Security Group Open To Large Scope

  • Query id: 4f615f3e-fb9c-4fad-8b70-2e9f781806ce
  • Query name: DB Security Group Open To Large Scope
  • Platform: Terraform
  • Severity: High
  • Category: Networking and Firewall
  • URL: Github

Description

The cidr of each ingress block in an aws_db_security_group must cover fewer than 256 addresses, that is, the prefix must be longer than /24. A /24 (256 addresses) is flagged, as is any broader range such as 0.0.0.0/0; a /25 (128 addresses) or a narrower block passes. Restricting the DB security group to the hosts that actually need to reach the database limits the network exposure of the RDS instance. Note that aws_db_security_group only applies to RDS instances running in EC2-Classic; for instances in a VPC the ingress is governed by aws_security_group rules referenced through vpc_security_group_ids, and the same scoping discipline applies there. The aws_db_security_group resource was removed in version 5 of the Terraform AWS provider.
Documentation: Terraform AWS provider, aws_db_security_group resource

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "aws_db_security_group" "positive1" {
  name = "rds_sg"

  ingress {
    cidr = "10.0.0.0/24"
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "aws_db_security_group" "negative1" {
  name = "rds_sg"

  ingress {
    cidr = "10.0.0.0/25"
  }
}
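The following Python script is an added example that is not part of this page or of the KICS query itself. It implements the check described above over Terraform text: it finds aws_db_security_group resources, reads the cidr of every ingress block, and flags any block covering 256 or more addresses (a /24 or shorter prefix). The regexes are a deliberate simplification for plainly formatted HCL like the two samples above, not a full HCL parser, and the embedded Terraform input (including the extra wide_open resource) is constructed for the demonstration.

```python
import ipaddress
import re
from typing import List, Tuple

# Threshold matching the samples on this page: a /24 (256 addresses) is flagged,
# a /25 (128 addresses) passes. This is an assumption of the example, not a
# value taken from the KICS query.
MAX_ADDRESSES = 256

# Simplified HCL extraction (assumption: one top-level resource per block, the
# closing brace of the resource at column 0, and an indented closing brace for
# each nested ingress block, as in the samples above).
RESOURCE_RE = re.compile(
    r'resource\s+"aws_db_security_group"\s+"([^"]+)"\s*\{(.*?)\n\}',
    re.DOTALL,
)
CIDR_RE = re.compile(r'ingress\s*\{[^}]*?cidr\s*=\s*"([^"]+)"', re.DOTALL)

# Constructed sample input: the two samples from this page plus one extra
# resource with a wide-open range and a narrow one, to show mixed results.
SAMPLE_TF = '''
resource "aws_db_security_group" "positive1" {
  name = "rds_sg"

  ingress {
    cidr = "10.0.0.0/24"
  }
}

resource "aws_db_security_group" "negative1" {
  name = "rds_sg"

  ingress {
    cidr = "10.0.0.0/25"
  }
}

resource "aws_db_security_group" "wide_open" {
  name = "rds_sg_wide"

  ingress {
    cidr = "0.0.0.0/0"
  }
  ingress {
    cidr = "192.168.10.0/28"
  }
}
'''


def cidr_address_count(cidr: str) -> int:
    """Number of addresses covered by a CIDR block (strict=False tolerates host bits set)."""
    return ipaddress.ip_network(cidr, strict=False).num_addresses


def find_large_scopes(tf_text: str, max_addresses: int = MAX_ADDRESSES) -> List[Tuple[str, str, int]]:
    """Return (resource_name, cidr, address_count) for each ingress CIDR at or above the threshold."""
    findings: List[Tuple[str, str, int]] = []
    for name, body in RESOURCE_RE.findall(tf_text):
        for cidr in CIDR_RE.findall(body):
            count = cidr_address_count(cidr)
            if count >= max_addresses:
                findings.append((name, cidr, count))
    return findings


if __name__ == "__main__":
    for name, cidr, count in find_large_scopes(SAMPLE_TF):
        print(f'aws_db_security_group "{name}": ingress cidr {cidr} covers {count} addresses (>= {MAX_ADDRESSES})')
```

Running the script reports positive1 (10.0.0.0/24, 256 addresses) and wide_open (0.0.0.0/0), while negative1 and the /28 entry pass. Replace the regex extraction with a real HCL parser (for example python-hcl2) before using this on arbitrary Terraform, since comments, heredocs or unusual formatting will defeat the simplified patterns.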