MEDIUM
Source
Trivy
ID
AVD-OPNSTK-0003

A security group rule allows ingress traffic from multiple public addresses

Opening up ports to the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that explicitly require it where possible.

Impact

Follow the appropriate remediation steps below to resolve the issue.

Employ more restrictive security group rules

1
2
3
4
5
6
7
8
resource "openstack_networking_secgroup_rule_v2" "rule_1" {
  direction        = "ingress"
  ethertype        = "IPv4"
  protocol         = "tcp"
  port_range_min   = 22
  port_range_max   = 22
  remote_ip_prefix = "1.2.3.4/32"
}