Security Group Non-Whitelist Port Ingress Check
ID: rule:aliyun:ecs-security-group-white-list-port-check
Severity: high
Description
Apart from the whitelisted ports (here only port 80), no port should have an ingress rule that allows access from 0.0.0.0/0.
Reason for Violation
The security group allows access to non-whitelisted ports from all sources (0.0.0.0/0), which may expose unnecessary services to the internet.
Recommendation
Only allow whitelisted ports (e.g., 80 for HTTP) to be accessible from 0.0.0.0/0. Restrict other ports to specific trusted source IP ranges.
Resource Types
ALIYUN::ECS::SecurityGroup
ALIYUN::ECS::SecurityGroupIngress
ALIYUN::ECS::SecurityGroupIngresses
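The following is an added example of how this check can be evaluated offline against a template, written for this page; it is not the rule engine's own implementation. It assumes ROS-style resource layouts (a single rule in the Properties of ALIYUN::ECS::SecurityGroupIngress, an inline SecurityGroupIngress list on ALIYUN::ECS::SecurityGroup, and a Permissions list on ALIYUN::ECS::SecurityGroupIngresses) with the property names IpProtocol, PortRange, SourceCidrIp and Policy; treat those keys as assumptions about the template shape. It goes slightly beyond the rule text by also treating ::/0 as an unrestricted source and by treating the "-1/-1" port range (used for protocols such as all and icmp) as covering every port, since such a rule reaches far more than port 80. The sample template is constructed for the example.

```python
import ipaddress

# Ports that may be reachable from anywhere, per the rule text (80 only).
WHITELISTED_PORTS = {80}


def parse_port_range(port_range):
    """Turn a 'low/high' string into (low, high). A '-1/-1' range marks a
    protocol without ports (icmp, all); treat it as every port."""
    low, high = (int(x) for x in str(port_range).split("/"))
    if low == -1 and high == -1:
        return 1, 65535
    return low, high


def is_open_to_world(source_cidr):
    """True when the source is the unrestricted network 0.0.0.0/0 (or ::/0)."""
    try:
        return ipaddress.ip_network(str(source_cidr), strict=False).prefixlen == 0
    except ValueError:
        # Not a CIDR (for example a security-group-id source): not world-open.
        return False


def has_non_whitelisted_port(low, high, whitelist=WHITELISTED_PORTS):
    """True if the range contains at least one port outside the whitelist."""
    covered = sum(1 for p in whitelist if low <= p <= high)
    return (high - low + 1) > covered


def rule_violates(rule):
    """Evaluate one ingress permission dict against the rule."""
    if str(rule.get("Policy", "accept")).lower() != "accept":
        return False  # a drop rule grants no access
    if not is_open_to_world(rule.get("SourceCidrIp", "")):
        return False
    low, high = parse_port_range(rule.get("PortRange", "-1/-1"))
    return has_non_whitelisted_port(low, high)


def iter_ingress_rules(resource):
    """Yield ingress permission dicts from any of the three resource types
    (property names are assumptions about the template shape)."""
    rtype = resource.get("Type")
    props = resource.get("Properties", {})
    if rtype == "ALIYUN::ECS::SecurityGroupIngress":
        yield props
    elif rtype == "ALIYUN::ECS::SecurityGroup":
        yield from props.get("SecurityGroupIngress", [])
    elif rtype == "ALIYUN::ECS::SecurityGroupIngresses":
        yield from props.get("Permissions", [])


def check_template(template):
    """Return one finding per ingress rule that exposes a non-whitelisted
    port to the whole internet."""
    findings = []
    for name, resource in template.get("Resources", {}).items():
        for rule in iter_ingress_rules(resource):
            if rule_violates(rule):
                findings.append({
                    "resource": name,
                    "protocol": rule.get("IpProtocol"),
                    "port_range": rule.get("PortRange"),
                    "source": rule.get("SourceCidrIp"),
                })
    return findings


# Constructed sample template (not taken from the page).
SAMPLE_TEMPLATE = {
    "Resources": {
        "WebIngress": {"Type": "ALIYUN::ECS::SecurityGroupIngress",
                       "Properties": {"IpProtocol": "tcp", "PortRange": "80/80",
                                      "SourceCidrIp": "0.0.0.0/0", "Policy": "accept"}},
        "SshIngress": {"Type": "ALIYUN::ECS::SecurityGroupIngress",
                       "Properties": {"IpProtocol": "tcp", "PortRange": "22/22",
                                      "SourceCidrIp": "0.0.0.0/0"}},
        "DbDrop": {"Type": "ALIYUN::ECS::SecurityGroupIngress",
                   "Properties": {"IpProtocol": "tcp", "PortRange": "3306/3306",
                                  "SourceCidrIp": "0.0.0.0/0", "Policy": "drop"}},
        "AppSg": {"Type": "ALIYUN::ECS::SecurityGroup",
                  "Properties": {"SecurityGroupIngress": [
                      {"IpProtocol": "all", "PortRange": "-1/-1", "SourceCidrIp": "0.0.0.0/0"},
                      {"IpProtocol": "tcp", "PortRange": "22/22", "SourceCidrIp": "10.0.0.0/8"},
                  ]}},
    }
}

if __name__ == "__main__":
    for f in check_template(SAMPLE_TEMPLATE):
        print(f"VIOLATION {f['resource']}: {f['protocol']} {f['port_range']} from {f['source']}")
```

Run against the sample, the checker reports SshIngress (port 22 open to 0.0.0.0/0) and AppSg (all ports open to 0.0.0.0/0); WebIngress passes because port 80 is whitelisted, DbDrop passes because a drop rule grants nothing, and the second AppSg rule passes because its source is a private range. The whitelist-coverage arithmetic in has_non_whitelisted_port avoids enumerating a 1..65535 range while still catching ranges such as 80/443 that include whitelisted and non-whitelisted ports alike.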