Security group does not open risky ports to 0.0.0.0/0
ID: rule:aliyun:sg-risky-ports-check
Severity: high
Description
When a security group ingress rule's source is 0.0.0.0/0, its port range must not include any of the specified risky ports; a group with no such rule is considered compliant. A rule whose source is not 0.0.0.0/0 is compliant even if its port range includes risky ports.
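The check described above can be sketched as follows. This is an added example, not the rule's own source: the risky-port list is a placeholder (the page does not enumerate the ports), skipping the portless protocols icmp and gre is an assumption, and the input is assumed to be a ROS template resource using the SecurityGroupIngress, IpProtocol, PortRange and SourceCidrIp properties.

```python
# Added example, not the rule's own source.
# ASSUMPTION: placeholder risky-port list; the page does not enumerate the ports.
RISKY_PORTS = frozenset({22, 3389})
OPEN_CIDR = "0.0.0.0/0"
PORTLESS = {"icmp", "gre"}  # ASSUMPTION: protocols without ports are skipped


def parse_port_range(port_range):
    """Parse a 'start/end' PortRange string; '-1/-1' means every port."""
    start, end = (int(p) for p in port_range.split("/"))
    return (1, 65535) if (start, end) == (-1, -1) else (start, end)


def risky_ports_exposed(rule, risky_ports=RISKY_PORTS):
    """Return the sorted risky ports this ingress rule opens to 0.0.0.0/0."""
    if rule.get("SourceCidrIp") != OPEN_CIDR:
        return []  # restricted source: compliant even if risky ports are included
    if str(rule.get("IpProtocol", "")).lower() in PORTLESS:
        return []
    # A missing PortRange is treated as "all ports" (conservative choice).
    start, end = parse_port_range(rule.get("PortRange", "-1/-1"))
    return sorted(p for p in risky_ports if start <= p <= end)


def evaluate(resource, risky_ports=RISKY_PORTS):
    """Return (compliant, findings) for one template resource."""
    if resource.get("Type") != "ALIYUN::ECS::SecurityGroup":
        return True, []
    ingress = resource.get("Properties", {}).get("SecurityGroupIngress", [])
    findings = []
    for index, rule in enumerate(ingress):
        exposed = risky_ports_exposed(rule, risky_ports)
        if exposed:
            findings.append((index, rule.get("PortRange"), exposed))
    return not findings, findings


# Constructed sample resource (not taken from the page).
SAMPLE = {"Type": "ALIYUN::ECS::SecurityGroup", "Properties": {"SecurityGroupIngress": [
    {"IpProtocol": "tcp", "PortRange": "443/443", "SourceCidrIp": "0.0.0.0/0"},
    {"IpProtocol": "tcp", "PortRange": "22/22", "SourceCidrIp": "10.0.0.0/8"},
    {"IpProtocol": "tcp", "PortRange": "20/25", "SourceCidrIp": "0.0.0.0/0"},
    {"IpProtocol": "tcp", "PortRange": "-1/-1", "SourceCidrIp": "0.0.0.0/0"},
]}}

if __name__ == "__main__":
    compliant, findings = evaluate(SAMPLE)
    print("compliant:", compliant)
    for index, port_range, ports in findings:
        print(f"ingress[{index}] {port_range} exposes {ports} to {OPEN_CIDR}")
```

Ranges are matched by overlap, so a rule such as 20/25 is flagged even though it never names port 22 explicitly.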
Reason for Violation
The security group opens risky ports to all IP addresses (0.0.0.0/0).
Recommendation
Remove the risky-port rules from the security group's ingress rules, or restrict their source IP range.
Resource Types
ALIYUN::ECS::SecurityGroup