Query: VPC Security groups should only allow unrestricted incoming traffic for authorized ports

Description

This control checks whether the VPC security groups that are in use allow unrestricted incoming traffic. Optionally the rule checks whether the port numbers are listed in the authorizedTcpPorts parameter. The default values for authorizedTcpPorts are 80 and 443.

Query

Tables used in this query:

• aws_vpc_security_group
• aws_vpc_security_group_rule

Controls using this query:

• 18 Security groups should only allow unrestricted incoming traffic for authorized ports
• VPC Security groups should only allow unrestricted incoming traffic for authorized ports

SQL