The CIDR IP has public interface

ID

aws_ec2_group_public_interface

Severity

high

Vendor

AWS

Resource

Network

Tags

reachable

Description

A security group rule in this playbook grants access to a CIDR block that lies in public IP address space, so the resource it protects is reachable from outside the private network. The Internet Assigned Numbers Authority (IANA) oversees global IP address allocation: it defines which address ranges are public (routable on the Internet and reachable by anyone) and which are private (reserved by RFC 1918 for use inside an organization's own network and never routed on the public Internet). Any `cidr_ip` that is not wholly contained in one of the private ranges, including the catch-all `0.0.0.0/0`, exposes the rule to the Internet.

The private (RFC 1918) IPv4 ranges are:

Range                            CIDR             Purpose
10.0.0.0 - 10.255.255.255        10.0.0.0/8       Large organizations (16,777,216 addresses)
172.16.0.0 - 172.31.255.255      172.16.0.0/12    Medium-sized networks; contains 172.31.0.0/16, which AWS uses for the default VPC in each region
192.168.0.0 - 192.168.255.255    192.168.0.0/16   Small and home networks

Learn more about this topic at AWS CIDR subnet reservation and in RFC 1918 (Address Allocation for Private Internets).

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: example using ICMP types and codes
      amazon.aws.ec2_security_group:
        name: "{{ name }}"
        description: sg for ICMP
        vpc_id: vpc-xxxxxxxx
        profile: "{{ aws_profile }}"
        region: us-east-1
        rules:
          - proto: icmp
            icmp_type: 3
            icmp_code: 1
            cidr_ip: 143.14.0.0/12   # public address space: this rule is reachable from the Internet

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: example using ICMP types and codes
      amazon.aws.ec2_security_group:
        name: "{{ name }}"
        description: sg for ICMP
        vpc_id: vpc-xxxxxxxx
        profile: "{{ aws_profile }}"
        region: us-east-1
        rules:
          - proto: icmp
            icmp_type: 3
            icmp_code: 1
            cidr_ip: 172.16.0.0/12   # RFC 1918 private range; narrow it further to the VPC's own CIDR where possible
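The check behind this query, applied to the two playbooks above, can be reproduced with the standard-library `ipaddress` module. The following is an added example written for this page, not the scanner's own implementation: it treats a rule as private only when its whole CIDR lies inside one RFC 1918 block (or the RFC 4193 unique-local IPv6 block `fc00::/7`), so `0.0.0.0/0`, `::/0` and a block that straddles private and public space such as `172.0.0.0/8` are all reported. The task dictionary is a constructed stand-in for the parsed YAML task; `vpc-xxxxxxxx` is the page's own placeholder.

```python
"""Added example: flag amazon.aws.ec2_security_group rules whose cidr_ip or
cidr_ipv6 reaches public address space. Written for this page; it is not the
scanner's own code."""
import ipaddress

# RFC 1918 IPv4 ranges from the table above, plus RFC 4193 unique-local IPv6.
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("fc00::/7"),
]


def is_private_cidr(cidr: str) -> bool:
    """True only if every address in `cidr` lies inside one private block.

    strict=False accepts host bits set (143.14.0.0/12 is parsed as
    143.0.0.0/12 rather than raising). subnet_of() raises TypeError across
    address families, hence the version check. A block that covers both
    private and public space (172.0.0.0/8) is not a subnet of any private
    block and is therefore treated as public.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == p.version and net.subnet_of(p) for p in PRIVATE_RANGES)


def public_rules(task: dict) -> list:
    """Return (rule_index, cidr) pairs for rules in an ec2_security_group task
    whose CIDR source is not private. Rules that reference another security
    group (group_id / group_name) instead of a CIDR carry no CIDR and are
    skipped."""
    findings = []
    rules = task.get("amazon.aws.ec2_security_group", {}).get("rules", [])
    for index, rule in enumerate(rules):
        for key in ("cidr_ip", "cidr_ipv6"):
            cidrs = rule.get(key)
            if cidrs is None:
                continue
            if isinstance(cidrs, str):  # the module accepts a string or a list
                cidrs = [cidrs]
            for cidr in cidrs:
                if not is_private_cidr(cidr):
                    findings.append((index, cidr))
    return findings


# Constructed sample task: the page's two ICMP rules plus three extra rules
# that exercise the edge cases (catch-all IPv4, catch-all IPv6, group reference).
SAMPLE_TASK = {
    "name": "example using ICMP types and codes",
    "amazon.aws.ec2_security_group": {
        "name": "sg-icmp",
        "description": "sg for ICMP",
        "vpc_id": "vpc-xxxxxxxx",
        "rules": [
            {"proto": "icmp", "icmp_type": 3, "icmp_code": 1, "cidr_ip": "143.14.0.0/12"},
            {"proto": "icmp", "icmp_type": 3, "icmp_code": 1, "cidr_ip": "172.16.0.0/12"},
            {"proto": "tcp", "ports": [22], "cidr_ip": "0.0.0.0/0"},
            {"proto": "tcp", "ports": [443], "cidr_ipv6": "::/0"},
            {"proto": "tcp", "ports": [22], "group_name": "bastion"},
        ],
    },
}

if __name__ == "__main__":
    for index, cidr in public_rules(SAMPLE_TASK):
        print(f"rule[{index}] reaches public address space: {cidr}")
```

Run against `SAMPLE_TASK`, the first ICMP rule (143.14.0.0/12) is reported while the mitigated one (172.16.0.0/12) is not; deliberately not relying on `ipaddress`'s `is_private` keeps the decision aligned with the RFC 1918 table rather than the wider IANA special-purpose registry that property consults.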