AWS018.md

File metadata and controls

46 lines (34 loc) · 940 Bytes

Pattern: Missing description for security group/security group rule

Issue: -

Description

Security groups and security group rules should include a description for auditing purposes.

Descriptions simplify auditing, debugging, and managing security groups and their rules.

Resolution: Add descriptions for all security groups and rules.

Examples

Example of incorrect code:

resource "aws_security_group" "bad_example" {
  name        = "http"

  ingress {
    description = "HTTP from VPC"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.main.cidr_block]
  }
}

Example of correct code:

resource "aws_security_group" "good_example" {
  name        = "http"
  description = "Allow inbound HTTP traffic"

  ingress {
    description = "HTTP from VPC"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.main.cidr_block]
  }
}
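A lightweight way to run this check yourself over Terraform source, as an added example that is not tfsec's own code: a Python scanner over a constructed HCL sample that flags aws_security_group and aws_security_group_rule resources, and inline ingress/egress blocks, that carry no description attribute. It is a line-based approximation that assumes block openers and closers sit on their own lines, not a full HCL parser.

```python
import re

# Constructed sample (not from the page): the page's bad_example plus a
# standalone aws_security_group_rule with no description.
SAMPLE_HCL = '''
resource "aws_security_group" "bad_example" {
  name = "http"
  ingress {
    description = "HTTP from VPC"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.main.cidr_block]
  }
}
resource "aws_security_group_rule" "no_desc" {
  type              = "ingress"
  from_port         = 443
  to_port           = 443
  security_group_id = aws_security_group.bad_example.id
}
'''

CHECKED_TYPES = {"aws_security_group", "aws_security_group_rule"}
BLOCK_RE = re.compile(r'^\s*(?:resource\s+"([\w-]+)"\s+"([\w-]+)"|(ingress|egress))\s*\{\s*$')


def find_missing_descriptions(hcl: str) -> list[str]:
    # Return labels of security groups and rule blocks that have no description.
    findings: list[str] = []
    stack: list[list] = []  # one entry per open block: [label, has_description, checked]
    for raw in hcl.splitlines():
        line = raw.strip()
        block = BLOCK_RE.match(raw)
        if block:
            if block.group(1):  # resource "type" "name" {
                label = f"{block.group(1)}.{block.group(2)}"
                checked = block.group(1) in CHECKED_TYPES
            else:  # inline ingress/egress rule; checked only inside a checked group
                label = f"{stack[-1][0]}.{block.group(3)}" if stack else block.group(3)
                checked = bool(stack) and stack[-1][2]
            stack.append([label, False, checked])
        elif line.endswith("{"):  # other blocks (e.g. tags = {) are tracked, not checked
            stack.append([line, False, False])
        elif re.match(r"description\s*=", line) and stack:
            stack[-1][1] = True  # a description counts only for the innermost open block
        elif line == "}" and stack:
            label, has_description, checked = stack.pop()
            if checked and not has_description:
                findings.append(label)
    return findings
```

Running it on the sample reports the group itself (its ingress description does not cover the resource) and the standalone rule; the page's good_example produces no findings.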