A Network ACL rule allows ALL ports.
Ensure access to specific required ports is allowed, and nothing else.
Impact
All ports are exposed for ingress and egress traffic.
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
Set specific allowed ports (CloudFormation)

```yaml
---
AWSTemplateFormatVersion: 2010-09-09
Description: Good example of excessive ports
Resources:
  NetworkACL:
    Type: AWS::EC2::NetworkAcl
    Properties:
      VpcId: "something"
  Rule:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId:
        Ref: NetworkACL
      RuleNumber: 100
      Protocol: 6            # TCP
      RuleAction: "allow"
      CidrBlock: "0.0.0.0/0"
      PortRange:             # restrict to port 22 only, not the whole range
        From: 22
        To: 22
```
Set specific allowed ports (Terraform)

```hcl
resource "aws_network_acl_rule" "good_example" {
  network_acl_id = aws_network_acl.example.id # assumed: the ACL is defined elsewhere
  rule_number    = 100
  egress         = false
  protocol       = "tcp"
  from_port      = 22   # a single port, not 0-65535
  to_port        = 22
  rule_action    = "allow"
  cidr_block     = "0.0.0.0/0"
}
```
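The two remediations above both come down to the same property: an allow rule must name a bounded port range rather than every port. The checker below is an added example (not tfsec/trivy code) that applies that test to rule definitions shaped like the Terraform `aws_network_acl_rule` attributes and the CloudFormation `AWS::EC2::NetworkAclEntry` properties shown on this page. The policy it encodes is this example's own: an allow rule fails when its protocol is `-1`/`all`, when a TCP/UDP rule has no port range, or when the range spans 0-65535. The rule definitions embedded in `SAMPLE_RULES` are constructed sample inputs.

```python
"""Flag network ACL allow rules that expose every port (added example)."""
from dataclasses import dataclass
from typing import Iterable, List, Optional

ALL_PROTOCOLS = {"-1", "all"}            # every protocol => every port
PORTLESS_PROTOCOLS = {"icmp", "1", "icmpv6", "58"}  # no port range applies


@dataclass
class NaclRule:
    name: str
    protocol: str
    rule_action: str
    from_port: Optional[int] = None
    to_port: Optional[int] = None


def rule_from_terraform(name: str, attrs: dict) -> NaclRule:
    """Map aws_network_acl_rule attributes onto NaclRule."""
    return NaclRule(
        name=name,
        protocol=str(attrs.get("protocol", "-1")),
        rule_action=str(attrs.get("rule_action", "")),
        from_port=attrs.get("from_port"),
        to_port=attrs.get("to_port"),
    )


def rule_from_cloudformation(name: str, props: dict) -> NaclRule:
    """Map AWS::EC2::NetworkAclEntry Properties onto NaclRule."""
    port_range = props.get("PortRange") or {}
    return NaclRule(
        name=name,
        protocol=str(props.get("Protocol", "-1")),
        rule_action=str(props.get("RuleAction", "")),
        from_port=port_range.get("From"),
        to_port=port_range.get("To"),
    )


def allows_all_ports(rule: NaclRule) -> bool:
    """True when an allow rule opens every port; deny rules never fail."""
    if rule.rule_action.lower() != "allow":
        return False
    proto = rule.protocol.lower()
    if proto in ALL_PROTOCOLS:
        return True
    if proto in PORTLESS_PROTOCOLS:
        return False
    # TCP/UDP without an explicit range is treated as unrestricted.
    if rule.from_port is None or rule.to_port is None:
        return True
    return int(rule.from_port) <= 0 and int(rule.to_port) >= 65535


def find_excessive_rules(rules: Iterable[NaclRule]) -> List[str]:
    """Names of rules that should be narrowed to the ports actually needed."""
    return [r.name for r in rules if allows_all_ports(r)]


# Constructed sample inputs covering the good and bad shapes.
SAMPLE_RULES = [
    rule_from_terraform("tf_ssh_only", {
        "egress": False, "protocol": "tcp", "from_port": 22, "to_port": 22,
        "rule_action": "allow", "cidr_block": "0.0.0.0/0"}),
    rule_from_terraform("tf_all_protocols", {
        "egress": False, "protocol": "-1", "from_port": 0, "to_port": 0,
        "rule_action": "allow", "cidr_block": "0.0.0.0/0"}),
    rule_from_terraform("tf_full_tcp_range", {
        "egress": True, "protocol": "tcp", "from_port": 0, "to_port": 65535,
        "rule_action": "allow", "cidr_block": "0.0.0.0/0"}),
    rule_from_terraform("tf_deny_everything", {
        "egress": False, "protocol": "-1", "rule_action": "deny",
        "cidr_block": "0.0.0.0/0"}),
    rule_from_cloudformation("cfn_tcp_no_portrange", {
        "NetworkAclId": "acl-PLACEHOLDER", "Protocol": 6, "RuleAction": "allow",
        "RuleNumber": 100, "CidrBlock": "0.0.0.0/0"}),
    rule_from_cloudformation("cfn_https_only", {
        "NetworkAclId": "acl-PLACEHOLDER", "Protocol": 6, "RuleAction": "allow",
        "RuleNumber": 110, "CidrBlock": "0.0.0.0/0",
        "PortRange": {"From": 443, "To": 443}}),
]

if __name__ == "__main__":
    for name in find_excessive_rules(SAMPLE_RULES):
        print(f"FAIL {name}: allow rule exposes every port")
```

Running the block reports `tf_all_protocols`, `tf_full_tcp_range` and `cfn_tcp_no_portrange`; the two single-port rules and the deny rule pass. Note that the check is about port scope only, so a rule limited to one port still passes even with a `0.0.0.0/0` CIDR, exactly as the page's good examples do.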
Links