Security Group Ingress Valid
ID: rule:aliyun:sg-public-access-check
Severity: high
Description
Security group ingress rules should not allow all ports (-1/-1) from all sources (0.0.0.0/0) simultaneously.
Reason for Violation
The security group has an ingress rule that allows all ports from all sources (0.0.0.0/0 with port range -1/-1), which poses a critical security risk.
Recommendation
Either restrict the source IP range to specific CIDR blocks or limit the port range to specific ports based on actual business requirements.
Resource Types
ALIYUN::ECS::SecurityGroup
ALIYUN::ECS::SecurityGroupIngress
ALIYUN::ECS::SecurityGroupIngresses
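
The check described above, sketched in Python over a ROS template as an added example; it is not the rule's own implementation. The property names SecurityGroupIngress, Permissions, PortRange and SourceCidrIp are assumed from the ROS resource schemas, and the template is a constructed sample.

```python
# Added example. Property names are assumptions based on the ROS resource
# schemas; they are not taken from this rule's source.
ANY_SOURCE = "0.0.0.0/0"
ALL_PORTS = "-1/-1"

def ingress_entries(resource):
    """Yield the ingress rule entries carried by one template resource."""
    props = resource.get("Properties") or {}
    rtype = resource.get("Type")
    if rtype == "ALIYUN::ECS::SecurityGroup":
        entries = props.get("SecurityGroupIngress") or []
    elif rtype == "ALIYUN::ECS::SecurityGroupIngress":
        entries = [props]            # the resource itself is a single rule
    elif rtype == "ALIYUN::ECS::SecurityGroupIngresses":
        entries = props.get("Permissions") or []
    else:
        entries = []
    # A list replaced by an intrinsic function (e.g. Ref) cannot be inspected.
    return entries if isinstance(entries, list) else []

def is_wide_open(entry):
    """True only when all ports AND all sources are allowed together."""
    if not isinstance(entry, dict):
        return False
    ports = str(entry.get("PortRange", "")).replace(" ", "")
    source = str(entry.get("SourceCidrIp", "")).strip()
    return ports == ALL_PORTS and source == ANY_SOURCE

def find_violations(template):
    """Return sorted logical IDs of resources holding a wide-open rule."""
    resources = template.get("Resources") or {}
    return sorted(name for name, res in resources.items()
                  if any(is_wide_open(e) for e in ingress_entries(res)))

# Constructed sample template: one violation, two compliant resources.
SAMPLE = {"ROSTemplateFormatVersion": "2015-09-01", "Resources": {
    "OpenGroup": {"Type": "ALIYUN::ECS::SecurityGroup", "Properties": {
        "SecurityGroupIngress": [
            {"IpProtocol": "all", "PortRange": "-1/-1", "SourceCidrIp": "0.0.0.0/0"}]}},
    "WebRule": {"Type": "ALIYUN::ECS::SecurityGroupIngress", "Properties": {
        "IpProtocol": "tcp", "PortRange": "443/443", "SourceCidrIp": "0.0.0.0/0"}},
    "AdminRules": {"Type": "ALIYUN::ECS::SecurityGroupIngresses", "Properties": {
        "Permissions": [
            {"IpProtocol": "all", "PortRange": "-1/-1", "SourceCidrIp": "10.0.0.0/8"}]}},
}}

if __name__ == "__main__":
    print(find_violations(SAMPLE))
```

Only OpenGroup is reported: WebRule narrows the port range and AdminRules narrows the source, which are the two remediations the recommendation names.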