aws-vpc-no-public-ingress-sgr.md

Pattern: Use of public AWS ingress security group rule

Issue: -

Description

Opening up ports to the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that explicitly require it where possible.

Resolution: Set a more restrictive cidr range.

Examples

Example of incorrect code:

resource "aws_security_group_rule" "bad_example" {
	type = "ingress"
	cidr_blocks = ["0.0.0.0/0"]
}

Example of correct code:

resource "aws_security_group_rule" "good_example" {
	type = "ingress"
	cidr_blocks = ["10.0.0.0/16"]
}