Overview

A Config rule that checks whether the security group with 0.0.0.0/0 of any Amazon Virtual Private Cloud (Amazon VPCs) allows only specific inbound TCP or UDP traffic. The rule and any security group with inbound 0.0.0.0/0. is NON_COMPLIANT, if you do not provide any ports in the parameters.

Configuration Templates

Items
1
Size
0.7 KB
AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Resources:
  ConfigRule:
    Type: 'AWS::Config::ConfigRule'
    Properties:
      ConfigRuleName: vpc-sg-open-only-to-authorized-ports
      Description: >-
        A Config rule that checks whether the security group with 0.0.0.0/0 of
        any Amazon Virtual Private Cloud (Amazon VPCs) allows only specific
        inbound TCP or UDP traffic. The rule and any security group with inbound
        0.0.0.0/0. is NON_COMPLIANT, if you do n...
      Scope:
        ComplianceResourceTypes:
          - 'AWS::EC2::SecurityGroup'
      Source:
        Owner: AWS
        SourceIdentifier: VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS
Parameters: {}
Metadata: {}
Conditions: {}

Actions



Rule Parameters

 
* Required field

Sources and Documentation

Configuration Source: AWS Documentation

Additional Documentation: