Security Group Ingress Valid
ID: rule:aliyun:sg-public-access-check
Severity: high
IaC Types: ROS, Terraform
Description
Security group ingress rules should not allow all ports (-1/-1) from all sources (0.0.0.0/0) simultaneously.
Reason for Violation
The security group has an ingress rule that allows all ports from all sources (0.0.0.0/0 with port range -1/-1), which poses a critical security risk.
Recommendation
Either restrict the source IP range to specific CIDR blocks or limit the port range to specific ports based on actual business requirements.
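The Terraform sketch below is an added example, not taken from the rule's own implementation or test suite. It puts a rule that triggers this check beside two compliant alternatives. The variable name, resource names and the 10.0.0.0/8 range are assumptions made for illustration.

```hcl
# Constructed example: security_group_id is supplied by the caller.
variable "security_group_id" {
  type = string
}

# Non-compliant: every port (-1/-1) is reachable from every source (0.0.0.0/0).
resource "alicloud_security_group_rule" "open_to_world" {
  type              = "ingress"
  ip_protocol       = "all"
  port_range        = "-1/-1"
  cidr_ip           = "0.0.0.0/0"
  nic_type          = "intranet"
  policy            = "accept"
  security_group_id = var.security_group_id
}

# Compliant: source stays 0.0.0.0/0, but the port range is limited to HTTPS.
resource "alicloud_security_group_rule" "https_from_anywhere" {
  type              = "ingress"
  ip_protocol       = "tcp"
  port_range        = "443/443"
  cidr_ip           = "0.0.0.0/0"
  nic_type          = "intranet"
  policy            = "accept"
  security_group_id = var.security_group_id
}

# Compliant: all ports stay open, but only to a specific CIDR block
# (10.0.0.0/8 is a constructed internal range).
resource "alicloud_security_group_rule" "all_ports_internal" {
  type              = "ingress"
  ip_protocol       = "all"
  port_range        = "-1/-1"
  cidr_ip           = "10.0.0.0/8"
  nic_type          = "intranet"
  policy            = "accept"
  security_group_id = var.security_group_id
}
```

The check fires only when both conditions hold in the same ingress rule, so either restriction on its own is enough to pass.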
Resource Types
- ROS: ALIYUN::ECS::SecurityGroup
- ROS: ALIYUN::ECS::SecurityGroupIngress
- ROS: ALIYUN::ECS::SecurityGroupIngresses
- Terraform: alicloud_security_group
- Terraform: alicloud_security_group_rule
- Terraform: alicloud_security_group_rules