Terraform Policy
Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports
GUARDRAIL "[CIS - AWS] 5.3 Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports"
  WHEN aws_security_group_rule.type = "ingress" AND aws_security_group_rule.protocol IN ["tcp", "6", "udp", "17", "all", "-1"] AND (aws_security_group_rule.from_port = -1 AND aws_security_group_rule.to_port = -1)
    REQUIRE EVERY cidr_blocks != "0.0.0.0/0"
  WHEN aws_security_group.ingress AND aws_security_group.ingress.protocol IN ["tcp", "6", "udp", "17", "all", "-1"] AND (aws_security_group.ingress.from_port = -1 AND aws_security_group.ingress.to_port = -1)
    REQUIRE EVERY ingress.cidr_blocks != "0.0.0.0/0"
  WHEN aws_security_group_rule.type = "ingress" AND aws_security_group_rule.protocol IN ["tcp", "6", "udp", "17", "all", "-1"] AND (aws_security_group_rule.from_port <= 22 AND aws_security_group_rule.to_port >= 22)
    REQUIRE EVERY cidr_blocks != "0.0.0.0/0"
  WHEN aws_security_group.ingress AND aws_security_group.ingress.protocol IN ["tcp", "6", "udp", "17", "all", "-1"] AND (aws_security_group.ingress.from_port <= 22 AND aws_security_group.ingress.to_port >= 22)
    REQUIRE EVERY ingress.cidr_blocks != "0.0.0.0/0"
  WHEN aws_security_group_rule.type = "ingress" AND aws_security_group_rule.protocol IN ["tcp", "6", "udp", "17", "all", "-1"] AND (aws_security_group_rule.from_port <= 3389 AND aws_security_group_rule.to_port >= 3389)
    REQUIRE EVERY cidr_blocks != "0.0.0.0/0"
  WHEN aws_security_group.ingress AND aws_security_group.ingress.protocol IN ["tcp", "6", "udp", "17", "all", "-1"] AND (aws_security_group.ingress.from_port <= 3389 AND aws_security_group.ingress.to_port >= 3389)
    REQUIRE EVERY ingress.cidr_blocks != "0.0.0.0/0"
  OVERRIDE WITH APPROVAL @security
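The guardrail above fires on two Terraform shapes: standalone aws_security_group_rule resources with type "ingress", and ingress blocks written inline in an aws_security_group. In both it flags a rule whose protocol is TCP, UDP or "all", whose port range covers 22 (SSH) or 3389 (RDP) or is the -1/-1 wildcard, and whose cidr_blocks contains 0.0.0.0/0; the OVERRIDE line lets members of @security approve a documented exception. As an added example, not Resourcely's code, the following Python script applies the same logic to the JSON that `terraform show -json` produces, so the check can also run in CI before a plan is applied. It assumes the standard planned_values layout of that output, and it deliberately treats an all-traffic rule (protocol "-1" or "all") as covering every port whatever from_port and to_port say, since Terraform's AWS provider writes such rules with ports 0/0, a shape the literal -1/-1 test would not match. The plan fragment embedded in the script is constructed for the example.

```python
"""Offline check mirroring the CIS AWS 5.3 guardrail, run against the JSON
from `terraform show -json`. Added example; the sample plan is constructed."""
import json

ADMIN_PORTS = (22, 3389)                    # SSH, RDP
PORT_PROTOCOLS = {"tcp", "6", "udp", "17"}  # protocols where the port range matters
ALL_PROTOCOLS = {"all", "-1"}               # every protocol and therefore every port
ANY_IPV4 = "0.0.0.0/0"


def rule_exposes_admin_port(protocol, from_port, to_port, cidr_blocks):
    """True if one ingress rule admits the whole IPv4 internet to 22 or 3389.

    Assumption beyond the guardrail's literal test: an all-traffic rule
    (protocol "-1"/"all") matches every port regardless of from_port/to_port,
    because Terraform's AWS provider encodes such rules with ports 0/0.
    """
    if ANY_IPV4 not in (cidr_blocks or []):
        return False
    proto = str(protocol).lower()
    if proto in ALL_PROTOCOLS:
        return True
    if proto not in PORT_PROTOCOLS:
        return False                        # e.g. icmp: no TCP/UDP port involved
    lo, hi = int(from_port), int(to_port)
    if (lo, hi) == (-1, -1):                # the guardrail's "all ports" wildcard
        return True
    return any(lo <= port <= hi for port in ADMIN_PORTS)


def find_violations(plan):
    """Walk planned_values.root_module and return offending resource addresses."""
    violations = []
    for res in plan["planned_values"]["root_module"].get("resources", []):
        values, addr = res["values"], res["address"]
        if res["type"] == "aws_security_group_rule":
            if values.get("type") == "ingress" and rule_exposes_admin_port(
                    values["protocol"], values["from_port"], values["to_port"],
                    values.get("cidr_blocks")):
                violations.append(addr)
        elif res["type"] == "aws_security_group":
            # Inline ingress blocks; egress blocks are out of scope for this control
            for rule in values.get("ingress") or []:
                if rule_exposes_admin_port(rule["protocol"], rule["from_port"],
                                           rule["to_port"], rule.get("cidr_blocks")):
                    violations.append(addr)
                    break
    return violations


# Constructed plan fragment covering the cases the guardrail distinguishes.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {"resources": [
  {"address": "aws_security_group_rule.ssh_world", "type": "aws_security_group_rule",
   "values": {"type": "ingress", "protocol": "tcp", "from_port": 22, "to_port": 22,
              "cidr_blocks": ["0.0.0.0/0"]}},
  {"address": "aws_security_group_rule.wide_range", "type": "aws_security_group_rule",
   "values": {"type": "ingress", "protocol": "tcp", "from_port": 0, "to_port": 1024,
              "cidr_blocks": ["0.0.0.0/0"]}},
  {"address": "aws_security_group_rule.ssh_office", "type": "aws_security_group_rule",
   "values": {"type": "ingress", "protocol": "tcp", "from_port": 22, "to_port": 22,
              "cidr_blocks": ["203.0.113.0/24"]}},
  {"address": "aws_security_group_rule.https_world", "type": "aws_security_group_rule",
   "values": {"type": "ingress", "protocol": "tcp", "from_port": 443, "to_port": 443,
              "cidr_blocks": ["0.0.0.0/0"]}},
  {"address": "aws_security_group.bastion", "type": "aws_security_group",
   "values": {"ingress": [{"protocol": "-1", "from_port": 0, "to_port": 0,
                           "cidr_blocks": ["0.0.0.0/0"]}]}},
  {"address": "aws_security_group.rdp_egress_only", "type": "aws_security_group",
   "values": {"ingress": [],
              "egress": [{"protocol": "tcp", "from_port": 3389, "to_port": 3389,
                          "cidr_blocks": ["0.0.0.0/0"]}]}}
]}}}
""")

if __name__ == "__main__":
    for address in find_violations(SAMPLE_PLAN):
        print("VIOLATION:", address)
```

Against a real plan, run `terraform plan -out plan.bin && terraform show -json plan.bin > plan.json` and call find_violations on the loaded file; a non-empty result should fail the pipeline. Like the guardrail, the script only looks at IPv4 0.0.0.0/0; an IPv6 ::/0 source is a separate CIS control and is not caught here.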
Made by: Resourcely
Provider: AWS
Compliance Standards: CIS - AWS 5.3
Category: Access and identity