EC2 group has SQL analysis services port publicly accessible

ID

aws_ec2_group_sql_tcp_port_access

Severity

low

Vendor

AWS

Resource

Network

Tags

reachable

Description

This security group has an ingress rule that exposes TCP port 2383, the default port of Microsoft SQL Server Analysis Services, to any source address (cidr_ip=0.0.0.0/0 or cidr_ipv6=::/0). Unrestricted access increases the opportunities for malicious activity, since any host on the Internet can reach the service and attempt to authenticate to or exploit it.

To fix it, restrict the rule's source to the specific IP ranges that actually need access (for example a single trusted host as a /32, or a private CIDR) instead of cidr_ip=0.0.0.0/0 or cidr_ipv6=::/0. Both the IPv4 and the IPv6 source must be restricted; an open ::/0 with a restricted IPv4 range still fails the check.

Learn more about this topic at AWS Security Groups.

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: example
      amazon.aws.ec2_security_group:
        name: "{{ name }}"
        description: sg with rule descriptions
        vpc_id: vpc-xxxxxxxx
        profile: "{{ aws_profile }}"
        region: us-east-1
        rules:
          - proto: tcp
            ports:
            - 2383          # SQL Server Analysis Services
            cidr_ip: 0.0.0.0/0   # any IPv4 source: this is what the rule flags
            rule_desc: allow 2383

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: example
      amazon.aws.ec2_security_group:
        name: "{{ name }}"
        description: sg with rule descriptions
        vpc_id: vpc-xxxxxxxx
        profile: "{{ aws_profile }}"
        region: us-east-1
        rules:
          - proto: tcp
            ports:
            - 2383          # SQL Server Analysis Services
            cidr_ip: 192.165.192.165/32   # single trusted source; replace with your own range
            rule_desc: allow 2383 from trusted host
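The check this rule performs, written out as an added example that is not part of the original page or of the tool it documents: it walks security groups in the JSON shape returned by `aws ec2 describe-security-groups` (the groups below are constructed sample data with made-up IDs) and reports every ingress rule through which 0.0.0.0/0 or ::/0 can reach TCP 2383. It goes slightly beyond the literal playbook above by also catching port ranges that merely contain 2383 and "all traffic" rules (IpProtocol -1), which a check that only looks for a rule listing exactly 2383 would miss.

```python
"""
Offline reproduction of aws_ec2_group_sql_tcp_port_access: flag ingress rules
that let 0.0.0.0/0 or ::/0 reach TCP 2383 (SQL Server Analysis Services).
Input is the SecurityGroups array as returned by `aws ec2 describe-security-groups`.
"""
import ipaddress

SSAS_PORT = 2383  # default TCP port of SQL Server Analysis Services
PUBLIC_V4 = ipaddress.ip_network("0.0.0.0/0")
PUBLIC_V6 = ipaddress.ip_network("::/0")

# Constructed sample data; the group IDs are made up and not real AWS output.
SAMPLE_GROUPS = [
    {   # the page's first playbook: 2383/tcp from anywhere
        "GroupId": "sg-bad1",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 2383, "ToPort": 2383,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        ],
    },
    {   # a wide port range that happens to include 2383, open over IPv6
        "GroupId": "sg-bad2",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 1024, "ToPort": 65535,
             "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        ],
    },
    {   # "All traffic" rule: IpProtocol -1 carries no FromPort/ToPort fields
        "GroupId": "sg-bad3",
        "IpPermissions": [
            {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
             "Ipv6Ranges": []},
        ],
    },
    {   # the page's fixed playbook plus two rules the check must not flag
        "GroupId": "sg-ok1",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 2383, "ToPort": 2383,
             "IpRanges": [{"CidrIp": "192.165.192.165/32"}], "Ipv6Ranges": []},
            {"IpProtocol": "udp", "FromPort": 2383, "ToPort": 2383,   # not TCP
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            {"IpProtocol": "tcp", "FromPort": 2382, "ToPort": 2382,   # neighbouring port
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        ],
    },
]


def rule_covers_port(rule, port):
    """True if an IpPermissions entry reaches `port` over TCP.
    IpProtocol "-1" means every protocol and port; "tcp" uses FromPort..ToPort."""
    proto = rule.get("IpProtocol")
    if proto == "-1":
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def public_sources(rule):
    """CIDRs in the rule that equal the whole IPv4 or IPv6 address space."""
    found = []
    for r in rule.get("IpRanges", []):
        if ipaddress.ip_network(r["CidrIp"], strict=False) == PUBLIC_V4:
            found.append(r["CidrIp"])
    for r in rule.get("Ipv6Ranges", []):
        if ipaddress.ip_network(r["CidrIpv6"], strict=False) == PUBLIC_V6:
            found.append(r["CidrIpv6"])
    return found


def find_public_ssas(groups, port=SSAS_PORT):
    """Return (GroupId, IpProtocol, public source) for every offending rule."""
    findings = []
    for g in groups:
        for rule in g.get("IpPermissions", []):
            if not rule_covers_port(rule, port):
                continue
            for src in public_sources(rule):
                findings.append((g["GroupId"], rule["IpProtocol"], src))
    return findings


if __name__ == "__main__":
    for gid, proto, src in find_public_ssas(SAMPLE_GROUPS):
        print(f"{gid}: port {SSAS_PORT}/tcp reachable from {src} (IpProtocol={proto})")
```

To run it against an account, load the `SecurityGroups` array from `aws ec2 describe-security-groups --output json` and pass it to `find_public_ssas`. Like the rule itself, the check treats only the literal 0.0.0.0/0 and ::/0 as public; a very broad range such as a /1 that is not yours is not flagged and still deserves review.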