Missing description for security group rule.
Security group rules should include a description for auditing purposes.
Descriptions simplify auditing, debugging, and managing security groups.
Impact
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
Add descriptions for all security group rules

```yaml
Resources:
  GoodSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Limits security group egress traffic
      SecurityGroupEgress:
        - CidrIp: 127.0.0.1/32
          Description: "Can connect to loopback"
          IpProtocol: "-1"
```
Add descriptions for all security group rules

```hcl
resource "aws_security_group" "good_example" {
  name        = "http"
  description = "Allow inbound HTTP traffic"

  ingress {
    description = "HTTP from VPC"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.main.cidr_block]
  }
}
```
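The rule above can be checked mechanically, both in a template before deployment and against the rules actually present in the account afterwards (where rules created by the Terraform example also end up). The following is an added example, not code from the original page or from the tool it documents: `audit_template` walks a CloudFormation template that has already been parsed into a dict (inline `SecurityGroupIngress`/`SecurityGroupEgress` entries plus standalone `AWS::EC2::SecurityGroupIngress`/`Egress` resources), and `audit_live_rules` walks JSON shaped like the output of `aws ec2 describe-security-group-rules`. Both sample inputs are constructed for the example and the `sg-`/`sgr-` ids are placeholders. A whitespace-only description is treated as missing, since it gives an auditor nothing.

```python
"""Detect security group rules that lack a Description (added example)."""
import json

INLINE_RULE_KEYS = ("SecurityGroupIngress", "SecurityGroupEgress")
STANDALONE_RULE_TYPES = ("AWS::EC2::SecurityGroupIngress",
                         "AWS::EC2::SecurityGroupEgress")


def description_missing(desc):
    """Missing key, non-string, or whitespace-only text all count as missing."""
    return not isinstance(desc, str) or not desc.strip()


def audit_template(template):
    """Return ids of undescribed rules in a parsed CloudFormation template.

    Inline rules are reported as 'LogicalId.SecurityGroupIngress[i]';
    standalone rule resources as their 'LogicalId'.
    """
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        rtype = resource.get("Type")
        props = resource.get("Properties", {})
        if rtype == "AWS::EC2::SecurityGroup":
            for key in INLINE_RULE_KEYS:
                for i, rule in enumerate(props.get(key, [])):
                    if description_missing(rule.get("Description")):
                        findings.append(f"{logical_id}.{key}[{i}]")
        elif rtype in STANDALONE_RULE_TYPES:
            if description_missing(props.get("Description")):
                findings.append(logical_id)
    return findings


def audit_live_rules(response):
    """Return (GroupId, SecurityGroupRuleId) for undescribed live rules.

    `response` has the shape of `aws ec2 describe-security-group-rules` output.
    """
    return [
        (rule["GroupId"], rule["SecurityGroupRuleId"])
        for rule in response.get("SecurityGroupRules", [])
        if description_missing(rule.get("Description"))
    ]


# Constructed sample: the page's GoodSecurityGroup, a group whose second
# inline ingress rule has no Description, and an undescribed standalone rule.
SAMPLE_TEMPLATE = """{
  "Resources": {
    "GoodSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
      "GroupDescription": "Limits security group egress traffic",
      "SecurityGroupEgress": [{"CidrIp": "127.0.0.1/32",
        "Description": "Can connect to loopback", "IpProtocol": "-1"}]}},
    "BadSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
      "GroupDescription": "Web tier",
      "SecurityGroupIngress": [
        {"CidrIp": "10.0.0.0/16", "Description": "HTTP from VPC",
         "IpProtocol": "tcp", "FromPort": 80, "ToPort": 80},
        {"CidrIp": "10.0.0.0/16", "IpProtocol": "tcp",
         "FromPort": 443, "ToPort": 443}]}},
    "OrphanIngress": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {
      "GroupId": {"Ref": "BadSecurityGroup"}, "IpProtocol": "tcp",
      "FromPort": 22, "ToPort": 22, "CidrIp": "10.0.0.0/16"}}
  }
}"""

# Constructed sample in the shape of describe-security-group-rules output;
# the sg-/sgr- ids are placeholders, not real resources.
SAMPLE_LIVE_RULES = """{
  "SecurityGroupRules": [
    {"GroupId": "sg-0123456789abcdef0", "SecurityGroupRuleId": "sgr-0aaaaaaaaaaaaaaa1",
     "IsEgress": false, "IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "CidrIpv4": "10.0.0.0/16", "Description": "HTTP from VPC"},
    {"GroupId": "sg-0123456789abcdef0", "SecurityGroupRuleId": "sgr-0aaaaaaaaaaaaaaa2",
     "IsEgress": false, "IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "CidrIpv4": "10.0.0.0/16"},
    {"GroupId": "sg-0123456789abcdef0", "SecurityGroupRuleId": "sgr-0aaaaaaaaaaaaaaa3",
     "IsEgress": true, "IpProtocol": "-1", "CidrIpv4": "10.0.0.0/16",
     "Description": "   "}
  ]
}"""


def run_checks():
    """Run both audits on the constructed samples and return their findings."""
    return (audit_template(json.loads(SAMPLE_TEMPLATE)),
            audit_live_rules(json.loads(SAMPLE_LIVE_RULES)))


if __name__ == "__main__":
    template_findings, live_findings = run_checks()
    for item in template_findings:
        print(f"template: {item} has no Description")
    for group_id, rule_id in live_findings:
        print(f"live: {group_id} {rule_id} has no Description")
```

To run the live check against a real account, pipe `aws ec2 describe-security-group-rules --output json` into `json.load` and pass the result to `audit_live_rules`; for a YAML template such as the one above, load it with a YAML parser instead of `json.loads` and pass the resulting dict to `audit_template`.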
Links