turbot/aws_insights

Query: vpc_security_unrestricted_ingress

Usage

powerpipe query aws_insights.query.vpc_security_unrestricted_ingress

SQL

select
  'Unrestricted Ingress (Excludes ICMP)' as label,
  count(*) as value,
  case
    when count(*) = 0 then 'ok'
    else 'alert'
  end as type
from
  aws_vpc_security_group_rule
where
  -- source is open to any IPv4 or IPv6 address
  (
    cidr_ipv4 = '0.0.0.0/0'
    or cidr_ipv6 = '::/0'
  )
  and ip_protocol <> 'icmp'
  -- all ports: from_port is -1, or the range spans 0-65535
  and (
    from_port = -1
    or (
      from_port = 0
      and to_port = 65535
    )
  )
  -- inbound rules only, for the security group passed as $1
  and not is_egress
  and group_id = $1;

Dashboards

The query is used in the dashboards: