Description

Security groups and security group rules should include a description for auditing purposes.

Simplifies auditing, debugging, and managing security groups.

Resolution: Add descriptions for all security groups anf rules.

Examples

Example of incorrect code:

resource "aws_security_group" "bad_example" {
  name        = "http"

  ingress {
    description = "HTTP from VPC"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.main.cidr_block]
  }
}

Example of correct code:

resource "aws_security_group" "good_example" {
  name        = "http"
  description = "Allow inbound HTTP traffic"

  ingress {
    description = "HTTP from VPC"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.main.cidr_block]
  }
}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Files

AWS018.md

AWS018.md

Description

Examples

Files

AWS018.md

Latest commit

History

AWS018.md

File metadata and controls

Description

Examples