AWSTemplateFormatVersion: '2010-09-09'
Resources:
  ConfigRule:
    Type: 'AWS::Config::ConfigRule'
    Properties:
      ConfigRuleName: restricted-common-ports
      Description: >-
        A Config rule that checks whether security groups in use do not allow
        restricted incoming TCP traffic to the specified ports. This rule
        applies only to IPv4.
      InputParameters:
        blockedPort1: '20'
        blockedPort2: '21'
        blockedPort3: '3389'
        blockedPort4: '3306'
        blockedPort5: '4333'
      Scope:
        ComplianceResourceTypes:
          - 'AWS::EC2::SecurityGroup'
      Source:
        Owner: AWS
        SourceIdentifier: RESTRICTED_INCOMING_TRAFFIC
Parameters: {}
Metadata: {}
Conditions: {}