Remote Desktop port is open to the whole internet

ID

aws_ec2_group_rdp_open

Severity

high

Vendor

AWS

Resource

Network

Tags

reachable

Description

The Remote Desktop port (TCP 3389) is open to the whole internet. Unrestricted access increases the opportunity for malicious activity, so mitigate as much risk as possible when opening management and communication ports into your EC2 instance.

To fix it, restrict the source addresses allowed to reach the Remote Desktop port: set rules.cidr_ip to a value other than 0.0.0.0/0, or rules.cidr_ipv6 to a value other than ::/0, depending on which property you use.

Learn more about this topic at AWS EC2 Windows access.

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: example
      amazon.aws.ec2_security_group:
        name: "{{ name }}"
        description: sg with rule descriptions
        vpc_id: vpc-xxxxxxxx
        profile: "{{ aws_profile }}"
        region: us-east-1
        rules:
          - proto: tcp
            ports:
            - 3389
            cidr_ip: 0.0.0.0/0
            rule_desc: allow all on port 3389

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: example
      amazon.aws.ec2_security_group:
        name: "{{ name }}"
        description: sg with rule descriptions
        vpc_id: vpc-xxxxxxxx
        profile: "{{ aws_profile }}"
        region: us-east-1
        rules:
          - proto: tcp
            ports:
            - 3389
            cidr_ip: 192.165.192.165/32
            rule_desc: allow all on port 3389
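As an added check, not part of this rule's documentation or of the amazon.aws collection, the following Python scans a parsed playbook (the structure yaml.safe_load returns) for amazon.aws.ec2_security_group rules that expose TCP 3389 to 0.0.0.0/0 or ::/0. It goes beyond the two examples above by also catching from_port/to_port ranges that span 3389, proto: all and list-valued cidr fields; the legacy module names in MODULES and the sample playbook are assumptions.

```python
import ipaddress
RDP_PORT = 3389
# Module names recognised: the page's module plus its pre-5.0 name (assumption).
MODULES = {"amazon.aws.ec2_security_group", "amazon.aws.ec2_group", "ec2_group"}
def _port_ranges(rule):
    """(low, high) ranges a rule covers: 'ports' items (int or 'lo-hi') and from_port/to_port."""
    ranges = []
    for p in rule.get("ports") or []:
        lo, _, hi = str(p).partition("-")
        ranges.append((int(lo), int(hi or lo)))
    if "from_port" in rule or "to_port" in rule:
        lo = int(rule.get("from_port", rule.get("to_port")))
        ranges.append((lo, int(rule.get("to_port", lo))))
    return ranges
def _covers_rdp(rule):
    proto = str(rule.get("proto", "tcp")).lower()  # module default is tcp
    if proto in ("all", "-1"):  # every protocol and port, RDP included
        return True
    return proto in ("tcp", "6") and any(lo <= RDP_PORT <= hi for lo, hi in _port_ranges(rule))
def _open_to_world(rule):
    """True if any cidr_ip / cidr_ipv6 value has a zero-length prefix (0.0.0.0/0 or ::/0)."""
    for key in ("cidr_ip", "cidr_ipv6"):
        values = rule.get(key)
        for cidr in (values if isinstance(values, list) else [values]):
            try:
                if cidr is not None and ipaddress.ip_network(str(cidr), strict=False).prefixlen == 0:
                    return True
            except ValueError:  # templated or malformed value: cannot decide statically, skip
                pass
    return False
def find_rdp_open(playbook):
    """Return (task name, rule index) for each rule that exposes RDP to the whole internet."""
    findings = []
    for play in playbook:
        for task in play.get("tasks") or []:
            module = next((k for k in task if k in MODULES), None)
            if module is not None:
                for idx, rule in enumerate(task[module].get("rules") or []):
                    if _covers_rdp(rule) and _open_to_world(rule):
                        findings.append((task.get("name", "<unnamed>"), idx))
    return findings

# Constructed sample: the page's two tasks plus a port-range/IPv6 variant (assumption).
SAMPLE = [{"hosts": "localhost", "tasks": [
    {"name": "open", "amazon.aws.ec2_security_group": {"rules": [{"proto": "tcp", "ports": [3389], "cidr_ip": "0.0.0.0/0"}]}},
    {"name": "fixed", "amazon.aws.ec2_security_group": {"rules": [{"proto": "tcp", "ports": [3389], "cidr_ip": "192.165.192.165/32"}]}},
    {"name": "range-v6", "amazon.aws.ec2_security_group": {"rules": [{"proto": "tcp", "from_port": 3000, "to_port": 4000, "cidr_ipv6": "::/0"}]}},
]}]
```

Running find_rdp_open(SAMPLE) flags the "open" and "range-v6" tasks and leaves the /32 fix alone; a templated cidr such as "{{ admin_cidr }}" is skipped rather than misreported.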