EC2 Security Group References Itself
Overview
Detects security groups whose inbound or outbound rules name the security group itself as the source or destination and open a wide port range. A self-referencing rule lets every instance that carries the group reach every other instance in the group on those ports, so a wide range (for example all TCP ports, or all traffic) gives an attacker who has compromised one member free lateral movement to the rest. Narrow self-referencing rules added on purpose (a cluster port, a replication port) are expected; a self-referencing rule that opens more ports than the portWidth input allows fails the check. If such a rule is not needed it should be revoked; if it is, restrict it to the specific ports the workload requires.
Vendor
AWS
Cloud Service
EC2
Input
{"portWidth":{"label":"Maximum number of self-referencing ports per security group","helpText":"The maximum number of ports allowed among all rules in the security group.\nThe number should be kept relatively low, since the intent is to allow self-referencing security groups that contain narrow port ranges defined with intent,\nwhile failing self-referencing security groups with wide open port ranges, because those pose a security risk.","type":"number","value":10}}
Severity
3
Item Types
AWS::EC2::SecurityGroup
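The following is an added worked example, not code from the rule's vendor, showing how the check described in the Overview and the portWidth input can be applied to security groups in the shape returned by boto3's ec2.describe_security_groups()["SecurityGroups"]. The sample groups and their IDs are constructed for illustration. Two details the page does not pin down are assumptions here: overlapping self-referencing rules are de-duplicated so that the count is of distinct ports rather than of rules, and an all-traffic rule (IpProtocol "-1") is counted as all 65536 ports.

```python
"""Flag EC2 security groups whose self-referencing rules open a wide port range.

Added example: the input dicts follow the boto3 describe_security_groups()
layout, and the sample groups below are constructed, not real resources.
"""
from typing import Dict, List, Set, Tuple

PORT_COUNT = 65536  # ports 0-65535; an all-traffic ("-1") rule covers all of them


def _is_self_referencing(rule: dict, own_id: str) -> bool:
    """True when the rule's source/destination group list contains the group itself."""
    return any(pair.get("GroupId") == own_id for pair in rule.get("UserIdGroupPairs", []))


def self_referencing_ports(group: dict) -> Set[Tuple[str, int]]:
    """Distinct (protocol, port) pairs opened by self-referencing rules, inbound
    and outbound. Overlapping rules are de-duplicated (assumption: the check
    counts ports, not rules, as the portWidth helpText suggests)."""
    own_id = group["GroupId"]
    opened: Set[Tuple[str, int]] = set()
    rules = group.get("IpPermissions", []) + group.get("IpPermissionsEgress", [])
    for rule in rules:
        if not _is_self_referencing(rule, own_id):
            continue
        proto = rule["IpProtocol"]
        if proto == "-1":
            # All traffic: FromPort/ToPort are absent and every port is reachable.
            # Counted once under its own protocol key (assumption).
            opened.update(("-1", p) for p in range(PORT_COUNT))
        elif proto in ("icmp", "icmpv6"):
            # ICMP rules carry a type/code in FromPort/ToPort, not ports; count
            # each rule as one entry so it cannot trip the width threshold.
            opened.add((proto, rule.get("FromPort", -1)))
        else:
            lo = rule.get("FromPort", 0)
            hi = rule.get("ToPort", PORT_COUNT - 1)
            opened.update((proto, p) for p in range(lo, hi + 1))
    return opened


def check_group(group: dict, port_width: int = 10) -> Dict[str, object]:
    """Apply the rule to one group: FAILURE when more than port_width distinct
    ports are reachable through self-referencing rules, SUCCESS otherwise."""
    count = len(self_referencing_ports(group))
    return {
        "GroupId": group["GroupId"],
        "GroupName": group.get("GroupName", ""),
        "self_referencing_ports": count,
        "status": "FAILURE" if count > port_width else "SUCCESS",
    }


def scan(groups: List[dict], port_width: int = 10) -> List[Dict[str, object]]:
    """Run the check over a list of groups (in practice, the SecurityGroups
    list returned by ec2.describe_security_groups())."""
    return [check_group(g, port_width) for g in groups]


def _self_pair(group_id: str) -> list:
    return [{"GroupId": group_id, "UserId": "123456789012"}]


# Constructed sample data covering the cases the rule must distinguish.
SAMPLE_GROUPS = [
    {   # one narrow self-referencing port (database replication): expected SUCCESS
        "GroupId": "sg-0a1b2c3d4e5f60001", "GroupName": "db-cluster",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
             "IpRanges": [], "UserIdGroupPairs": _self_pair("sg-0a1b2c3d4e5f60001")},
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,   # not self-referencing
             "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "UserIdGroupPairs": []},
        ],
        "IpPermissionsEgress": [
            {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        ],
    },
    {   # every TCP port open to itself: expected FAILURE
        "GroupId": "sg-0a1b2c3d4e5f60002", "GroupName": "app-tier",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
             "IpRanges": [], "UserIdGroupPairs": _self_pair("sg-0a1b2c3d4e5f60002")},
        ],
    },
    {   # all traffic to itself, no port fields at all: expected FAILURE
        "GroupId": "sg-0a1b2c3d4e5f60003", "GroupName": "all-traffic-self",
        "IpPermissions": [
            {"IpProtocol": "-1", "IpRanges": [], "UserIdGroupPairs": _self_pair("sg-0a1b2c3d4e5f60003")},
        ],
    },
    {   # two overlapping UDP ranges whose union is exactly 10 ports (8000-8009):
        # a naive per-rule sum gives 13 and would fail; de-duplicated it passes
        "GroupId": "sg-0a1b2c3d4e5f60004", "GroupName": "udp-overlap",
        "IpPermissions": [
            {"IpProtocol": "udp", "FromPort": 8000, "ToPort": 8005,
             "IpRanges": [], "UserIdGroupPairs": _self_pair("sg-0a1b2c3d4e5f60004")},
            {"IpProtocol": "udp", "FromPort": 8003, "ToPort": 8009,
             "IpRanges": [], "UserIdGroupPairs": _self_pair("sg-0a1b2c3d4e5f60004")},
        ],
    },
]


if __name__ == "__main__":
    for result in scan(SAMPLE_GROUPS, port_width=10):
        print(f'{result["GroupId"]} ({result["GroupName"]}): '
              f'{result["self_referencing_ports"]} self-referencing ports -> {result["status"]}')
```

A group that fails can be brought into line with the real AWS CLI, for example `aws ec2 revoke-security-group-ingress --group-id sg-... --protocol tcp --port 0-65535 --source-group sg-...` to drop the wide rule, followed by an `authorize-security-group-ingress` for only the ports the workload actually needs.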