An ingress security group rule allows traffic from /0.
Opening up ports to the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that explicitly require it where possible.
Impact
Your port exposed to the internet
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
Set a more restrictive cidr range
1
2
3
4
5
6
7
8
9
10
11
AWSTemplateFormatVersion: 2010-09-09
Description: Good example of ingress rule
Resources:
BadSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Limits security group egress traffic
SecurityGroupIngress:
- CidrIp: 127.0.0.1/32
IpProtocol: "6"