Terraform Policy
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports
GUARDRAIL "[CIS - AWS] 5.2 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports"
  WHEN aws_network_acl_rule.rule_action = "allow" AND aws_network_acl_rule.protocol IN ["tcp", "6", "udp", "17", "all", "-1"] AND (aws_network_acl_rule.from_port = -1 AND aws_network_acl_rule.to_port = -1)
    REQUIRE cidr_block != "0.0.0.0/0" OR ipv6_cidr_block != "::/0"
  WHEN aws_network_acl_rule.rule_action = "allow" AND aws_network_acl_rule.protocol IN ["tcp", "6", "udp", "17", "all", "-1"] AND (aws_network_acl_rule.from_port <= 22 AND aws_network_acl_rule.to_port >= 22)
    REQUIRE cidr_block != "0.0.0.0/0" OR ipv6_cidr_block != "::/0"
  WHEN aws_network_acl_rule.rule_action = "allow" AND aws_network_acl_rule.protocol IN ["tcp", "6", "udp", "17", "all", "-1"] AND (aws_network_acl_rule.from_port <= 3389 AND aws_network_acl_rule.to_port >= 3389)
    REQUIRE cidr_block != "0.0.0.0/0" OR ipv6_cidr_block != "::/0"
  OVERRIDE WITH APPROVAL @security
Made by: Resourcely
Provider: AWS
Category: Access and identity