Issue with Security group Ingress filter type #7830
Comments
You've given a snippet of the policy, instead of the whole policy, which does not make clear if you are combining these filters in an
As another suggestion, you might consider coming out to the Slack/Gitter channel for asking questions for interactive help from the community.
Hi Kapil, thank you for your response. I have written on Gitter as well, but there was no reply, so I thought I can raise a bug on GitHub. I can write the full policy, but I cannot disclose the CIDR values as they are confidential. policies:
My query is: I have 5 CIDR ranges where I have to detect those RDP ingress which are not in those 5 CIDR values which we have specified in that value section of the policy. Please help me.
Describe the bug
We tried remediating the RDP ingress connection from some specific IPs, but the filter section does not work as expected.
I have tried giving the below filter section, where it checks for those inbound connections of type RDP that are not in these five filter sections' CIDR value, but it evaluates only the first filter, so any IP address which is in the other four CIDR blocks is invalid, which is wrong.
We are giving value as different valid CIDRs where we can have RDP connection from, but it looks like it doesn't even evaluate any other ingress condition.
We tried giving the CIDR_value as an array as below in the filter section, but there also it evaluates to those CIDRs which reside inside those CIDR ranges, which is again wrong.
What did you expect to happen?
I want Security Group to detect those RDP inbound connections which are not in that value list which I am specifying as five different CIDR values.
Cloud Provider
Amazon Web Services (AWS)
Cloud Custodian version and dependency information
No response
Policy
Relevant log/traceback output
Extra information or context
No response
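The check described in this issue, written out as an added example in plain Python (not Cloud Custodian code and not the reporter's policy): an RDP ingress source is flagged only if it matches none of the five allowed ranges, and the `exact` switch shows the difference between containment matching and exact-range matching. The CIDRs are constructed documentation ranges standing in for the undisclosed values, the function names are hypothetical, and the sample group follows the shape of an EC2 `DescribeSecurityGroups` response.

```python
import ipaddress

# Constructed allow-list (RFC 5737 documentation ranges), standing in for
# the five confidential CIDRs the reporter cannot share.
ALLOWED = [ipaddress.ip_network(c) for c in (
    "192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/25",
    "203.0.113.128/26", "203.0.113.192/26")]
RDP_PORT = 3389


def covers_rdp(perm):
    """True if an IpPermissions entry opens TCP 3389 (or all traffic)."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                      # all protocols, all ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= RDP_PORT <= perm.get("ToPort", 65535)


def is_allowed(cidr, exact=False):
    """Containment by default; exact=True requires an identical range."""
    net = ipaddress.ip_network(cidr, strict=False)
    if exact:
        return net in ALLOWED
    # Compare against every allowed range, not just the first one.
    return any(net.version == a.version and net.subnet_of(a) for a in ALLOWED)


def violating_rdp_sources(group, exact=False):
    """Return source CIDRs with RDP ingress outside the allow-list."""
    bad = []
    for perm in group.get("IpPermissions", []):
        if not covers_rdp(perm):
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        bad += [c for c in cidrs if not is_allowed(c, exact)]
    return bad


# Constructed security group in the shape of EC2 DescribeSecurityGroups.
SAMPLE_GROUP = {"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "198.51.100.0/24"},   # equals 2nd entry
                  {"CidrIp": "192.0.2.16/28"},     # inside 1st entry
                  {"CidrIp": "0.0.0.0/0"}]},       # outside all five
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},       # not RDP, ignored
]}
```

With containment matching only `0.0.0.0/0` is reported; with `exact=True` the narrower `192.0.2.16/28` is reported as well, because it is not literally one of the five listed ranges.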