Security Group Ingress Not Open All Protocols
ID: rule:aliyun:ecs-security-group-not-open-all-protocol
Severity: high
Description
Security group ingress rules should not allow all protocols. When the protocol type is not set to ALL, it is considered compliant.
Reason for Violation
The security group has an ingress rule that allows all protocols (IpProtocol=all), which poses a security risk by allowing any type of network traffic.
Recommendation
Restrict ingress rules to specific protocols (tcp, udp, icmp) based on actual business requirements instead of using 'all'.
Resource Types
ALIYUN::ECS::SecurityGroup
ALIYUN::ECS::SecurityGroupIngress
ALIYUN::ECS::SecurityGroupIngresses
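
The following is an added example, not the rule's own implementation: a static check over a parsed ROS template that reports every ingress rule whose IpProtocol is 'all' across the three resource types above. The nested list property names (SecurityGroupIngress, Permissions), the resource names and the CIDRs in the sample are assumptions made for illustration.

```python
# Added example. Assumption: the nested list property names follow the ROS schema.
RULE_LISTS = {
    "ALIYUN::ECS::SecurityGroup": "SecurityGroupIngress",
    "ALIYUN::ECS::SecurityGroupIngresses": "Permissions",
}

def ingress_rules(resource):
    """Yield (path, rule) for each ingress rule a resource declares."""
    props = resource.get("Properties") or {}
    rtype = resource.get("Type")
    if rtype == "ALIYUN::ECS::SecurityGroupIngress":
        yield "Properties", props  # the single rule is the property set itself
    elif rtype in RULE_LISTS:
        key = RULE_LISTS[rtype]
        for i, rule in enumerate(props.get(key) or []):
            if isinstance(rule, dict):
                yield f"Properties.{key}[{i}]", rule

def find_all_protocol_ingress(template):
    """Return the paths of ingress rules whose IpProtocol is 'all'."""
    findings = []
    for name, res in (template.get("Resources") or {}).items():
        if not isinstance(res, dict):
            continue
        for path, rule in ingress_rules(res):
            proto = rule.get("IpProtocol")
            # A Ref or other intrinsic function cannot be resolved statically: skipped.
            if isinstance(proto, str) and proto.strip().lower() == "all":
                findings.append(f"{name}.{path}")
    return findings

# Constructed sample template (resource names and CIDRs are made up).
SAMPLE = {"Resources": {
    "WebSg": {"Type": "ALIYUN::ECS::SecurityGroup", "Properties": {
        "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "PortRange": "443/443", "SourceCidrIp": "0.0.0.0/0"},
            {"IpProtocol": "all", "PortRange": "-1/-1", "SourceCidrIp": "10.0.0.0/8"},
        ]}},
    "AllowAny": {"Type": "ALIYUN::ECS::SecurityGroupIngress", "Properties": {
        "IpProtocol": "ALL", "PortRange": "-1/-1", "SourceCidrIp": "10.0.0.0/8"}},
    "Batch": {"Type": "ALIYUN::ECS::SecurityGroupIngresses", "Properties": {
        "Permissions": [{"IpProtocol": "udp", "PortRange": "53/53"},
                        {"IpProtocol": "icmp", "PortRange": "-1/-1"}]}},
    "FromParam": {"Type": "ALIYUN::ECS::SecurityGroupIngress", "Properties": {
        "IpProtocol": {"Ref": "Proto"}, "PortRange": "22/22"}},
}}

if __name__ == "__main__":
    for hit in find_all_protocol_ingress(SAMPLE):
        print("violation:", hit)
```

A rule whose IpProtocol comes from a template parameter is not flagged here, so parameter defaults and allowed values need a separate review.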