Security Group Rule Without Description
- Query id: cb3f5ed6-0d18-40de-a93d-b3538db31e8c
- Query name: Security Group Rule Without Description
- Platform: Terraform
- Severity: Info
- Category: Best Practices
- CWE: 710
- URL: Github
Description
It is considered a best practice for an AWS Security Group to have a description. The query checks the `description` argument of the `aws_security_group` resource itself; a description set only inside a nested `ingress` or `egress` block does not satisfy it, as the positive sample below shows.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
```tf
resource "aws_security_group" "allow_tls" {
  name   = "allow_tls"
  vpc_id = aws_vpc.main.id

  ingress {
    description      = "TLS from VPC"
    from_port        = 443
    to_port          = 443
    protocol         = "tcp"
    cidr_blocks      = [aws_vpc.main.cidr_block]
    ipv6_cidr_blocks = [aws_vpc.main.ipv6_cidr_block]
  }

  tags = {
    Name = "allow_tls"
  }
}
```
Code samples without security vulnerabilities
Negative test num. 1 - tf file
```tf
resource "aws_security_group" "allow_tls" {
  name        = "allow_tls"
  description = "Allow TLS inbound traffic"
  vpc_id      = aws_vpc.main.id

  ingress {
    description      = "TLS from VPC"
    from_port        = 443
    to_port          = 443
    protocol         = "tcp"
    cidr_blocks      = [aws_vpc.main.cidr_block]
    ipv6_cidr_blocks = [aws_vpc.main.ipv6_cidr_block]
  }

  tags = {
    Name = "allow_tls"
  }
}
```
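As an added example (not the KICS query itself, which is written in Rego, and not code from this page), a small Python check that scans Terraform text for `aws_security_group` resources missing a top-level `description`. It assumes the one-attribute-per-line HCL layout used in the samples above, and it tracks brace depth so that a `description` inside a nested `ingress` block is correctly ignored.

```python
import re

# Constructed sample: the positive (undescribed) and a negative (described)
# security group from this page, trimmed to the attributes that matter.
SAMPLE_TF = '''
resource "aws_security_group" "allow_tls" {
  name   = "allow_tls"
  vpc_id = aws_vpc.main.id
  ingress {
    description = "TLS from VPC"   # rule-level description only
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
  }
}

resource "aws_security_group" "documented" {
  name        = "documented"
  description = "Allow TLS inbound traffic"
  vpc_id      = aws_vpc.main.id
  ingress {
    description = "TLS from VPC"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
  }
}
'''

RESOURCE_RE = re.compile(r'^\s*resource\s+"aws_security_group"\s+"([^"]+)"\s*\{')
DESCRIPTION_RE = re.compile(r'^\s*description\s*=')


def find_undescribed_security_groups(hcl_text):
    """Return names of aws_security_group resources with no top-level description.

    Only 'description =' at brace depth 1 (directly inside the resource block)
    counts; the same attribute inside ingress/egress blocks is at depth 2.
    Assumes '#' starts a line comment and is not used inside string values.
    """
    findings = []
    current, depth, has_desc = None, 0, False
    for line in hcl_text.splitlines():
        code = line.split("#", 1)[0]          # strip trailing comment
        if current is None:
            match = RESOURCE_RE.match(code)
            if match:                         # entered a security group block
                current, depth, has_desc = match.group(1), 1, False
            continue
        if depth == 1 and DESCRIPTION_RE.match(code):
            has_desc = True
        depth += code.count("{") - code.count("}")
        if depth == 0:                        # left the resource block
            if not has_desc:
                findings.append(current)
            current = None
    return findings
```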