Control: 5 Security groups should not allow ingress from 0.0.0.0/0 to port 22
This control checks whether security groups in use disallow unrestricted incoming SSH traffic.
It does not evaluate outbound traffic.
Note that security groups are stateful. If you send a request from your instance, the response traffic for that request is allowed to flow in regardless of inbound security group rules. Responses to allowed inbound traffic are allowed to flow out regardless of outbound rules.
Perform the following steps for each security group associated with a VPC.
- Open the Amazon VPC console.
- In the navigation pane, under Security, choose Security groups.
- Select a
- In the bottom section of the page, choose
- Choose Edit
- Identify the rule that allows access through port 22 and then choose the
Xto remove it.
- Choose Save rules.
steampipe check aws_compliance.control.pci_v321_ec2_5
This control uses a named query:vpc_security_group_remote_administration