Security Group Ingress Not Open All Ports
ID: rule:aliyun:ecs-security-group-not-open-all-port
Severity: high
Description
Security group ingress rules should not allow all ports. An ingress rule is considered compliant when its port range is not set to -1/-1.
Reason for Violation
The security group has an ingress rule that allows all ports (PortRange=-1/-1), which poses a security risk by allowing access to any port.
Recommendation
Restrict ingress rules to specific port ranges based on actual business requirements instead of using '-1/-1' (all ports).
Resource Types
ALIYUN::ECS::SecurityGroup
ALIYUN::ECS::SecurityGroupIngress
ALIYUN::ECS::SecurityGroupIngresses
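
As an added example (not this rule's own implementation), the Python below applies the check described above to a constructed ROS template held as a dict, covering the three resource types listed. The `SecurityGroupIngress` and `Permissions` property names are assumptions about the resource schemas, and the function names are hypothetical.

```python
ALL_PORTS = "-1/-1"  # the value this rule treats as "all ports"

def ingress_rules(resource):
    """Yield ingress rule dicts for the three resource types the rule covers."""
    rtype = resource.get("Type")
    props = resource.get("Properties") or {}
    if rtype == "ALIYUN::ECS::SecurityGroup":
        # Inline rules on the group itself (assumed property name).
        yield from props.get("SecurityGroupIngress") or []
    elif rtype == "ALIYUN::ECS::SecurityGroupIngress":
        # The resource is itself a single ingress rule.
        yield props
    elif rtype == "ALIYUN::ECS::SecurityGroupIngresses":
        # Batch of rules (assumed property name).
        yield from props.get("Permissions") or []

def find_all_port_ingress(template):
    """Return sorted names of resources with an ingress PortRange of -1/-1."""
    violations = []
    for name, resource in (template.get("Resources") or {}).items():
        for rule in ingress_rules(resource):
            port_range = rule.get("PortRange")
            # A non-string value (e.g. {"Ref": ...}) cannot be judged
            # statically here and is left for review after resolution.
            if isinstance(port_range, str) and port_range.replace(" ", "") == ALL_PORTS:
                violations.append(name)
                break
    return sorted(violations)

# Constructed sample template, not taken from any real deployment.
SAMPLE_TEMPLATE = {
    "ROSTemplateFormatVersion": "2015-09-01",
    "Resources": {
        "OpenGroup": {"Type": "ALIYUN::ECS::SecurityGroup", "Properties": {
            "SecurityGroupIngress": [
                {"IpProtocol": "all", "PortRange": "-1/-1", "SourceCidrIp": "0.0.0.0/0"}]}},
        "WebGroup": {"Type": "ALIYUN::ECS::SecurityGroup", "Properties": {
            "SecurityGroupIngress": [
                {"IpProtocol": "tcp", "PortRange": "443/443", "SourceCidrIp": "0.0.0.0/0"}]}},
        "OpenRule": {"Type": "ALIYUN::ECS::SecurityGroupIngress", "Properties": {
            "SecurityGroupId": {"Ref": "WebGroup"}, "IpProtocol": "all",
            "PortRange": "-1/-1", "SourceCidrIp": "10.0.0.0/8"}},
        "BatchRules": {"Type": "ALIYUN::ECS::SecurityGroupIngresses", "Properties": {
            "SecurityGroupId": {"Ref": "WebGroup"}, "Permissions": [
                {"IpProtocol": "tcp", "PortRange": "22/22", "SourceCidrIp": "10.0.0.0/8"},
                {"IpProtocol": "tcp", "PortRange": {"Ref": "PortParam"}, "SourceCidrIp": "10.0.0.0/8"}]}},
    },
}

if __name__ == "__main__":
    print(find_all_port_ingress(SAMPLE_TEMPLATE))
```

A `PortRange` supplied through a template parameter is not evaluated by this sketch, so resolve parameters before relying on a clean result.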