Missing description for security group/security group rule.
Security groups and security group rules should include a description for auditing purposes.
Descriptions simplify auditing, debugging, and managing security groups.
Impact
Descriptions provide context for the reasons behind each firewall rule.
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
Add descriptions for all security groups and rules
Resources:
  GoodExampleCacheGroup:
    Type: AWS::ElastiCache::SecurityGroup
    Properties:
      Description: Some description
  GoodExampleEc2SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: GoodExample
      GroupDescription: Good Elasticache Security Group
  GoodSecurityGroupIngress:
    Type: AWS::ElastiCache::SecurityGroupIngress
    Properties:
      CacheSecurityGroupName: GoodExampleCacheGroup
      EC2SecurityGroupName: GoodExampleEc2SecurityGroup
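The following Python script is an added example, not part of the original page or of any scanner's own code. It applies the same check to a CloudFormation template in JSON form and flags security groups whose description is absent or blank. The sample template, its logical IDs, and the function name `find_missing_descriptions` are constructed for illustration.

```python
import json

# Resource types shown on this page and the property holding each one's description.
DESCRIPTION_PROPERTY = {
    "AWS::ElastiCache::SecurityGroup": "Description",
    "AWS::EC2::SecurityGroup": "GroupDescription",
}

# Constructed sample template (JSON form of CloudFormation), not from the page.
SAMPLE_TEMPLATE = """
{
  "Resources": {
    "CacheGroupWithDescription": {
      "Type": "AWS::ElastiCache::SecurityGroup",
      "Properties": {"Description": "Redis access for the orders service"}
    },
    "CacheGroupNoDescription": {
      "Type": "AWS::ElastiCache::SecurityGroup",
      "Properties": {}
    },
    "Ec2GroupBlankDescription": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {"GroupName": "cache-clients", "GroupDescription": "   "}
    },
    "CacheGroupNoProperties": {"Type": "AWS::ElastiCache::SecurityGroup"}
  }
}
"""

def find_missing_descriptions(template_text):
    """Return sorted logical IDs of security groups with no usable description."""
    resources = json.loads(template_text).get("Resources", {})
    findings = []
    for logical_id, resource in resources.items():
        prop = DESCRIPTION_PROPERTY.get(resource.get("Type"))
        if prop is None:
            continue  # not a resource type this check covers
        value = (resource.get("Properties") or {}).get(prop)
        # Intrinsic functions (dicts such as {"Ref": ...}) count as present;
        # absent, null, or whitespace-only strings are flagged.
        if value is None or (isinstance(value, str) and not value.strip()):
            findings.append(logical_id)
    return sorted(findings)

if __name__ == "__main__":
    for logical_id in find_missing_descriptions(SAMPLE_TEMPLATE):
        print(f"{logical_id}: security group has no description")
```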
Add descriptions for all security groups and rules
resource "aws_security_group" "bar" {
  name = "security-group"
}

resource "aws_elasticache_security_group" "good_example" {
  name                 = "elasticache-security-group"
  security_group_names = [aws_security_group.bar.name]
  description          = "something"
}