Security Group Ingress Not Open All Ports
ID: rule:aliyun:ecs-security-group-not-open-all-port
Severity: high
IaC Types: ROS, Terraform
Description
Security group ingress rules should not allow all ports. When the port range is not set to -1/-1, it is considered compliant.
Reason for Violation
The security group has an ingress rule that allows all ports (PortRange=-1/-1), which poses a security risk by allowing access to any port.
Recommendation
Restrict ingress rules to specific port ranges based on actual business requirements instead of using '-1/-1' (all ports).
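The check this rule performs, written out as an added example (not the scanner's own code): it walks an ROS template and flags every ingress rule whose PortRange is -1/-1, both in standalone ALIYUN::ECS::SecurityGroupIngress resources and in the inline SecurityGroupIngress list of an ALIYUN::ECS::SecurityGroup (the inline property name is assumed from the ROS schema; ALIYUN::ECS::SecurityGroupIngresses is not handled here). The template is constructed for the example.

```python
import json

ALL_PORTS = "-1/-1"  # the port range this rule flags

# Constructed ROS template: one compliant and one all-ports rule of each kind.
ROS_TEMPLATE = json.dumps({
    "ROSTemplateFormatVersion": "2015-09-01",
    "Resources": {
        "WebSg": {
            "Type": "ALIYUN::ECS::SecurityGroup",
            "Properties": {
                "VpcId": "vpc-EXAMPLE",
                "SecurityGroupIngress": [  # assumed inline-rule property name
                    {"IpProtocol": "tcp", "PortRange": "443/443", "SourceCidrIp": "0.0.0.0/0"},
                    {"IpProtocol": "all", "PortRange": "-1/-1", "SourceCidrIp": "10.0.0.0/8"},
                ],
            },
        },
        "SshRule": {
            "Type": "ALIYUN::ECS::SecurityGroupIngress",
            "Properties": {"SecurityGroupId": {"Ref": "WebSg"}, "IpProtocol": "tcp",
                           "PortRange": "22/22", "SourceCidrIp": "203.0.113.0/24"},
        },
        "OpenRule": {
            "Type": "ALIYUN::ECS::SecurityGroupIngress",
            "Properties": {"SecurityGroupId": {"Ref": "WebSg"}, "IpProtocol": "all",
                           "PortRange": "-1/-1", "SourceCidrIp": "0.0.0.0/0"},
        },
    },
})


def is_all_ports(port_range) -> bool:
    """True when PortRange means every port. Non-string values (an unresolved
    Ref or other intrinsic) are not flagged; they must be resolved first."""
    return isinstance(port_range, str) and port_range.strip() == ALL_PORTS


def find_open_all_ports(template_json: str) -> list:
    """Return (logical_id, property_path) for each ingress rule allowing all ports."""
    findings = []
    for logical_id, res in json.loads(template_json).get("Resources", {}).items():
        props, rtype = res.get("Properties", {}), res.get("Type")
        if rtype == "ALIYUN::ECS::SecurityGroupIngress":
            if is_all_ports(props.get("PortRange")):
                findings.append((logical_id, "Properties.PortRange"))
        elif rtype == "ALIYUN::ECS::SecurityGroup":
            for i, rule in enumerate(props.get("SecurityGroupIngress", [])):
                if is_all_ports(rule.get("PortRange")):
                    findings.append((logical_id, f"Properties.SecurityGroupIngress[{i}].PortRange"))
    return findings
```

Running `find_open_all_ports(ROS_TEMPLATE)` reports the inline rule in WebSg and the standalone OpenRule, while the 443/443 and 22/22 rules pass.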
Resource Types
- ROS: ALIYUN::ECS::SecurityGroup
- ROS: ALIYUN::ECS::SecurityGroupIngress
- ROS: ALIYUN::ECS::SecurityGroupIngresses
- Terraform: alicloud_security_group
- Terraform: alicloud_security_group_rule
- Terraform: alicloud_security_group_rules