
Security Group Allows Excessive Inbound Port Ranges

Overview

Checks that the security group's inbound rules allow no more than five (5) TCP or UDP ports.

You should minimize potential attack paths by using tightly scoped security group rules, even on resources that are not Internet facing. One indicator of this is a tightly scoped security group applied to every compute resource that allows only a limited number of inbound ports (i.e., no more than five).
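The following is an added example of how this check can be evaluated offline, not tooling from the page or the vendor. It walks the `IpPermissions` list in the shape returned by the EC2 `describe-security-groups` API, expands each TCP/UDP rule's `FromPort`..`ToPort` range into distinct port numbers (so overlapping rules are not double counted), treats `IpProtocol` `-1` ("all traffic") as every port of both protocols, and compares the total against the five-port threshold. Counting TCP and UDP ports together, and the sample groups and group IDs, are assumptions made for illustration; in practice the `groups` list would be fed from `boto3` `ec2.describe_security_groups()["SecurityGroups"]`.

```python
from typing import Dict, Iterable, List, Set

PORT_LIMIT = 5        # threshold stated by the control
ALL_PORTS = 65536     # ports 0..65535


def inbound_ports(ip_permissions: Iterable[dict]) -> Dict[str, Set[int]]:
    """Return the distinct port numbers opened per protocol ("tcp", "udp")
    by a security group's inbound rules (describe-security-groups shape)."""
    opened: Dict[str, Set[int]] = {"tcp": set(), "udp": set()}
    for perm in ip_permissions:
        proto = str(perm.get("IpProtocol", "")).lower()
        if proto == "-1":
            # "All traffic" rule: every port of both protocols is reachable.
            for ports in opened.values():
                ports.update(range(ALL_PORTS))
            continue
        if proto not in opened:
            continue  # icmp and other protocols are outside this control
        from_port = perm.get("FromPort")
        to_port = perm.get("ToPort")
        if from_port is None or to_port is None or int(from_port) < 0:
            # Defensive: a tcp/udp rule without an explicit range means all ports.
            opened[proto].update(range(ALL_PORTS))
            continue
        # Expand the inclusive range; the set de-duplicates overlapping rules.
        opened[proto].update(range(int(from_port), int(to_port) + 1))
    return opened


def evaluate(group: dict, limit: int = PORT_LIMIT) -> dict:
    """Evaluate one security group. Assumption: TCP and UDP ports are summed,
    so a port open on both protocols counts twice."""
    ports = inbound_ports(group.get("IpPermissions", []))
    total = sum(len(p) for p in ports.values())
    return {
        "GroupId": group.get("GroupId"),
        "OpenPorts": total,
        "Compliant": total <= limit,
    }


def noncompliant_groups(groups: Iterable[dict], limit: int = PORT_LIMIT) -> List[str]:
    """Return the IDs of groups that open more than `limit` TCP/UDP ports."""
    return [r["GroupId"] for r in (evaluate(g, limit) for g in groups) if not r["Compliant"]]


# Constructed sample groups (hypothetical IDs) in the describe-security-groups shape.
SAMPLE_GROUPS = [
    {   # tightly scoped: 22 and 443; 443 appears twice from different CIDRs
        "GroupId": "sg-0aaa0000example1",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "192.168.0.0/16"}]},
        ],
    },
    {   # a range rule: 11 TCP ports plus UDP 53
        "GroupId": "sg-0bbb0000example2",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8010,
             "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
            {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53,
             "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        ],
    },
    {   # "all traffic" rule
        "GroupId": "sg-0ccc0000example3",
        "IpPermissions": [
            {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        ],
    },
]


if __name__ == "__main__":
    for g in SAMPLE_GROUPS:
        print(evaluate(g))
    print("non-compliant:", noncompliant_groups(SAMPLE_GROUPS))
```

Because overlapping rules collapse into a set, the first sample counts as two ports even though it has three rules, while the range rule in the second sample is what pushes it over the limit. Rules whose source is another security group rather than a CIDR are counted the same way, matching the control's intent that scoping applies to internal resources too.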

Vendor

AWS

Cloud Service

EC2

CSMM v1 NET-03.2

References

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html

Severity

2

Item Types

AWS::EC2::SecurityGroup