An egress security group rule allows traffic to /0.
Opening up ports to connect out to the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that are explicitly required where possible.
Impact
Your port is egressing data to the internet
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
Set a more restrictive cidr range
1
2
3
4
5
6
7
8
9
10
11
AWSTemplateFormatVersion: 2010-09-09
Description: Good example of egress rule
Resources:
BadSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Limits security group egress traffic
SecurityGroupEgress:
- CidrIp: 127.0.0.1/32
IpProtocol: "6"