Severity: LOW
Source: Trivy
ID: AVD-AWS-0049

Missing description for security group/security group rule.

Security groups and security group rules should include a description for auditing purposes. A description simplifies auditing, debugging, and managing security groups.

Impact

Follow the appropriate remediation steps below to resolve the issue.

Add descriptions for all security groups and rules (CloudFormation)

Resources:
  GoodExampleCacheGroup:
    Type: AWS::ElastiCache::SecurityGroup
    Properties:
      Description: Some description

  GoodExampleEc2SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Good Elasticache Security Group
      GroupName: GoodExample

  GoodSecurityGroupIngress:
    Type: AWS::ElastiCache::SecurityGroupIngress
    Properties:
      # Reference the resources above; their logical IDs are not their group names
      CacheSecurityGroupName: !Ref GoodExampleCacheGroup
      EC2SecurityGroupName: !Ref GoodExampleEc2SecurityGroup

Add descriptions for all security groups and rules (Terraform)

# The EC2 security group the cache security group refers to carries a description as well
resource "aws_security_group" "bar" {
  name        = "security-group"
  description = "EC2 security group for the ElastiCache cluster"
}

# ElastiCache security groups only apply to clusters running outside a VPC
resource "aws_elasticache_security_group" "good_example" {
  name                 = "elasticache-security-group"
  security_group_names = [aws_security_group.bar.name]
  description          = "something"
}
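The check this page describes, written out as an added Python example (not Trivy's own code) that runs over a CloudFormation template in its JSON form: it flags ElastiCache security groups, EC2 security groups and their ingress/egress rules whose description is absent or blank, so it covers a little more than the ElastiCache case shown above. The type-to-property table, the blank-string rule and the sample template are this example's assumptions.

```python
import json

# Property that must hold a description, per resource type (assumption of this example)
DESCRIPTION_PROPERTY = {
    "AWS::ElastiCache::SecurityGroup": "Description",
    "AWS::EC2::SecurityGroup": "GroupDescription",
    "AWS::EC2::SecurityGroupIngress": "Description",
    "AWS::EC2::SecurityGroupEgress": "Description",
}


def _blank(value):
    """Missing or whitespace-only; an intrinsic function (dict) counts as present."""
    return value is None or (isinstance(value, str) and not value.strip())


def find_undescribed_security_groups(template):
    """Return (logical_id, resource_type) for every group or rule lacking a description.

    Inline SecurityGroupIngress/SecurityGroupEgress entries are checked too."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        rtype = resource.get("Type")
        if rtype not in DESCRIPTION_PROPERTY:
            continue
        props = resource.get("Properties", {})
        if _blank(props.get(DESCRIPTION_PROPERTY[rtype])):
            findings.append((logical_id, rtype))
        for direction in ("SecurityGroupIngress", "SecurityGroupEgress"):
            for i, rule in enumerate(props.get(direction, [])):
                if _blank(rule.get("Description")):
                    findings.append((f"{logical_id}.{direction}[{i}]", rtype))
    return findings


# Constructed sample: one compliant cache group, one without a description, an EC2 group
# with one described and one undescribed inline rule, and a rule with a blank description.
SAMPLE_TEMPLATE = json.loads("""{"Resources": {
  "GoodCacheGroup": {"Type": "AWS::ElastiCache::SecurityGroup",
                     "Properties": {"Description": "Cache SG for the billing service"}},
  "BadCacheGroup": {"Type": "AWS::ElastiCache::SecurityGroup", "Properties": {}},
  "WebGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"GroupDescription": "Web tier",
    "SecurityGroupIngress": [
      {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "10.0.0.0/8",
       "Description": "HTTPS from the corporate range"},
      {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "10.0.0.0/8"}]}},
  "BlankRule": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {"GroupId": {"Ref": "WebGroup"},
    "IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "10.0.0.0/8", "Description": "   "}}}}""")

if __name__ == "__main__":
    for logical_id, rtype in find_undescribed_security_groups(SAMPLE_TEMPLATE):
        print(f"LOW AVD-AWS-0049: {logical_id} ({rtype}) has no description")
```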