Security Group Non-Whitelist Port Ingress Check
ID: rule:aliyun:ecs-security-group-white-list-port-check
Severity: high
IaC Types: ROS, Terraform
Description
Apart from whitelisted ports (80), no port should have an ingress rule that allows access from 0.0.0.0/0.
Reason for Violation
The security group allows access to non-whitelisted ports from all sources (0.0.0.0/0), which may expose unnecessary services to the internet.
Recommendation
Only allow whitelisted ports (e.g., 80 for HTTP) to be accessible from 0.0.0.0/0. Restrict other ports to specific trusted source IP ranges.
Resource Types
- ROS: ALIYUN::ECS::SecurityGroup
- ROS: ALIYUN::ECS::SecurityGroupIngress
- ROS: ALIYUN::ECS::SecurityGroupIngresses
- Terraform: alicloud_security_group
- Terraform: alicloud_security_group_rule
- Terraform: alicloud_security_group_rules
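As an added example (not the scanner's own code), the check below models this rule's logic in Python over constructed records shaped like the arguments of the Terraform alicloud_security_group_rule resource (type, ip_protocol, port_range, cidr_ip, policy); treating a port_range of "-1/-1" as every port is an assumption taken from Alibaba Cloud's port_range convention.

```python
"""Stand-alone model of the non-whitelist port ingress check (added example).

Records mirror alicloud_security_group_rule arguments; SAMPLE_RULES is
constructed test data, not a real deployment.
"""
from typing import Dict, List

WHITELISTED_PORTS = {80}   # ports the rule permits from 0.0.0.0/0
ANY_SOURCE = "0.0.0.0/0"
ALL_PORTS = (1, 65535)     # assumed meaning of port_range "-1/-1"

SAMPLE_RULES: List[Dict[str, str]] = [  # constructed sample rules
    {"name": "http_open",  "type": "ingress", "ip_protocol": "tcp", "port_range": "80/80",   "cidr_ip": "0.0.0.0/0",      "policy": "accept"},
    {"name": "ssh_open",   "type": "ingress", "ip_protocol": "tcp", "port_range": "22/22",   "cidr_ip": "0.0.0.0/0",      "policy": "accept"},
    {"name": "ssh_office", "type": "ingress", "ip_protocol": "tcp", "port_range": "22/22",   "cidr_ip": "203.0.113.0/24", "policy": "accept"},
    {"name": "all_open",   "type": "ingress", "ip_protocol": "all", "port_range": "-1/-1",   "cidr_ip": "0.0.0.0/0",      "policy": "accept"},
    {"name": "drop_scan",  "type": "ingress", "ip_protocol": "tcp", "port_range": "1/65535", "cidr_ip": "0.0.0.0/0",      "policy": "drop"},
    {"name": "egress_all", "type": "egress",  "ip_protocol": "all", "port_range": "-1/-1",   "cidr_ip": "0.0.0.0/0",      "policy": "accept"},
]


def port_bounds(port_range: str):
    """Parse a port_range such as "22/22" or "1/65535"; "-1/-1" means every port."""
    low, high = (int(p) for p in port_range.split("/"))
    return ALL_PORTS if (low, high) == (-1, -1) else (low, high)


def offending_ports(rule: Dict[str, str]) -> List[int]:
    """Non-whitelisted ports this rule opens to the whole internet (empty if compliant)."""
    # Only permissive ingress rules whose source is the entire IPv4 space are in scope.
    if rule["type"] != "ingress" or rule.get("policy", "accept") != "accept":
        return []
    if rule["cidr_ip"] != ANY_SOURCE:
        return []
    low, high = port_bounds(rule["port_range"])
    return [p for p in range(low, high + 1) if p not in WHITELISTED_PORTS]


def check_rules(rules: List[Dict[str, str]]) -> Dict[str, int]:
    """Map each violating rule name to the number of non-whitelisted ports it exposes."""
    findings = {}
    for rule in rules:
        bad = offending_ports(rule)
        if bad:
            findings[rule["name"]] = len(bad)
    return findings


if __name__ == "__main__":
    for name, count in check_rules(SAMPLE_RULES).items():
        print(f"VIOLATION {name}: {count} non-whitelisted port(s) open to {ANY_SOURCE}")
```

Only ssh_open and all_open are reported: the port-80 rule is whitelisted, the office-range SSH rule has a restricted source, and drop and egress rules are out of scope.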