A Config rule that checks whether the security group with 0.0.0.0/0 of any Amazon Virtual Private Cloud (Amazon VPCs) allows only specific inbound TCP or UDP traffic. The rule and any security group with inbound 0.0.0.0/0. is NON_COMPLIANT, if you do not provide any ports in the parameters.

This config rule supports the following parameters:

  • authorizedTcpPorts
    • Required: No
    • Type: String
    • Description:Comma-separated list of TCP ports authorized to be open to 0.0.0.0/0. Ranges are defined by dash, for example, '443,1020-1025'.
  • authorizedUdpPorts
    • Required: No
    • Type: String
    • Description:Comma-separated list of UDP ports authorized to be open to 0.0.0.0/0. Ranges are defined by dash, for example, '500,1020-1025'.

CloudFormation Template