
feat(misconf): add support for AWS::EC2::SecurityGroupIngress/Egress #6755

Merged
merged 1 commit into from
Jun 13, 2024

Conversation

nikpivkin
Contributor

@nikpivkin nikpivkin commented May 23, 2024

Description

Added support for AWS::EC2::SecurityGroupIngress and AWS::EC2::SecurityGroupEgress resources.

Related issues

2024-05-23T17:28:41+06:00	INFO	Misconfiguration scanning is enabled
2024-05-23T17:29:09+06:00	INFO	Detected config files	num=1

templ.yaml (cloudformation)

Tests: 8 (SUCCESSES: 6, FAILURES: 2, EXCEPTIONS: 0)
Failures: 2 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 0, CRITICAL: 1)

CRITICAL: Security group rule allows ingress from public internet.
═══════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
Opening up ports to the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that explicitly require it where possible.

See https://avd.aquasec.com/misconfig/avd-aws-0107
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 templ.yaml:17
   via templ.yaml:10-17 (SecurityGroupIngress)
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
  10     SecurityGroupIngress:
  11       Type: 'AWS::EC2::SecurityGroupIngress'
  12       Properties:
  13         GroupId: !Ref SecurityGroup
  14         IpProtocol: tcp
  15         FromPort: '22'
  16         ToPort: '22'
  17 [       CidrIp: 0.0.0.0/0
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've followed the conventions in the PR title.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)
  • I've included a "before" and "after" example to the description (if the PR is a user interface change).
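
The scan output above flags a rule that is declared as a standalone AWS::EC2::SecurityGroupIngress resource and attached to its group through GroupId, rather than inline under the AWS::EC2::SecurityGroup's own SecurityGroupIngress property. A checker that only walks the inline lists never sees such a rule. The script below is an added example, not Trivy's code or part of this PR: it collects rules from both places, resolves the GroupId Ref back to the group, and reports any ingress rule whose source is 0.0.0.0/0 or ::/0. The template is constructed for the example and written in CloudFormation's JSON form so that only the standard library is needed ({"Ref": "..."} is the JSON spelling of !Ref); the resource names SshFromAnywhere and AllEgress and the function names are assumptions made here.

```python
"""Flag security-group rules open to the whole internet in a CloudFormation template.

Added example, not Trivy's implementation. It models the point of the PR above:
rules can be declared inline under AWS::EC2::SecurityGroup or as standalone
AWS::EC2::SecurityGroupIngress / AWS::EC2::SecurityGroupEgress resources that
attach to a group via GroupId, and a scanner must gather both to see the full
rule set of a group.
"""
import json
from ipaddress import ip_network
from typing import Dict, List, Tuple

# Inline rule lists carried by AWS::EC2::SecurityGroup itself.
INLINE_KEYS = {"ingress": "SecurityGroupIngress", "egress": "SecurityGroupEgress"}
# Standalone rule resources that reference a group.
STANDALONE_TYPES = {
    "AWS::EC2::SecurityGroupIngress": "ingress",
    "AWS::EC2::SecurityGroupEgress": "egress",
}


def _group_ref(prop) -> str:
    """Resolve GroupId/GroupName: a Ref to a template resource or a literal id."""
    if isinstance(prop, dict) and "Ref" in prop:
        return prop["Ref"]
    return str(prop)


def collect_rules(template: Dict) -> List[Tuple[str, str, str, Dict]]:
    """Return (group, direction, declaring_resource, rule) for every SG rule."""
    rules = []
    for name, res in template.get("Resources", {}).items():
        rtype = res.get("Type")
        props = res.get("Properties", {})
        if rtype == "AWS::EC2::SecurityGroup":
            for direction, key in INLINE_KEYS.items():
                for rule in props.get(key, []):
                    rules.append((name, direction, name, rule))
        elif rtype in STANDALONE_TYPES:
            group = _group_ref(props.get("GroupId", props.get("GroupName", "")))
            rules.append((group, STANDALONE_TYPES[rtype], name, props))
    return rules


def is_public_cidr(cidr) -> bool:
    """True for any-address ranges (0.0.0.0/0 and ::/0); False for anything else."""
    if not isinstance(cidr, str):  # e.g. an unresolved {"Ref": ...} parameter
        return False
    try:
        return ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def find_public_ingress(template: Dict) -> List[Dict]:
    """Ingress rules, inline or standalone, whose source CIDR is the whole internet."""
    findings = []
    for group, direction, declared_at, rule in collect_rules(template):
        if direction != "ingress":
            continue
        for key in ("CidrIp", "CidrIpv6"):
            cidr = rule.get(key)
            if is_public_cidr(cidr):
                findings.append({
                    "group": group,
                    "resource": declared_at,
                    "cidr": cidr,
                    "protocol": rule.get("IpProtocol"),
                    "ports": (str(rule.get("FromPort", "all")), str(rule.get("ToPort", "all"))),
                })
    return findings


# Constructed sample template: one group with a restricted inline rule, a
# standalone ingress resource open to the world on 22, and a standalone egress.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "SecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "example group",
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "10.0.0.0/8"}
        ]
      }
    },
    "SshFromAnywhere": {
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": {
        "GroupId": {"Ref": "SecurityGroup"},
        "IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0"
      }
    },
    "AllEgress": {
      "Type": "AWS::EC2::SecurityGroupEgress",
      "Properties": {
        "GroupId": {"Ref": "SecurityGroup"},
        "IpProtocol": "-1", "CidrIp": "0.0.0.0/0"
      }
    }
  }
}
""")

if __name__ == "__main__":
    for f in find_public_ingress(SAMPLE_TEMPLATE):
        print(f"{f['resource']} -> group {f['group']}: {f['protocol']} "
              f"{f['ports'][0]}-{f['ports'][1]} from {f['cidr']}")
```

Only the standalone SshFromAnywhere resource is reported: the inline 443 rule is limited to 10.0.0.0/8, and the egress resource is skipped because the check above is ingress-only (an egress-to-anywhere check is the matching separate policy). Walking only the group's inline SecurityGroupIngress list would have missed the finding entirely.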

@nikpivkin nikpivkin marked this pull request as ready for review May 23, 2024 11:29
@nikpivkin nikpivkin requested a review from simar7 as a code owner May 23, 2024 11:29
@simar7 simar7 added this pull request to the merge queue Jun 13, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Jun 13, 2024
@simar7 simar7 added this pull request to the merge queue Jun 13, 2024
Merged via the queue into aquasecurity:main with commit 55fa610 Jun 13, 2024
15 checks passed
Development

Successfully merging this pull request may close these issues.

feat(cloudformation): add support for AWS::EC2::SecurityGroupIngress/Egress
2 participants