An unknown port has been exposed in the EC2 group

ID

aws_ec2_group_unknown_port

Severity

low

Vendor

AWS

Resource

Network

Tags

reachable

Description

An unknown port has been exposed in the EC2 security group: a port that is not one of the known, intentionally exposed ports is reachable from the entire internet. Unrestricted access of this kind increases the opportunities for malicious activity.

To fix it, configure IP ranges other than cidr_ip=0.0.0.0/0 or cidr_ipv6=::/0, or expose only known ports through the from_port and to_port properties.

Learn more about this topic at AWS CIDR subnet reservation.

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: example using ICMP types and codes
      amazon.aws.ec2_security_group:
        name: "{{ name }}"
        description: sg for ICMP
        vpc_id: vpc-xxxxxxxx
        profile: "{{ aws_profile }}"
        region: us-east-1
        rules:
          - proto: icmp
            icmp_type: 3
            icmp_code: 1
            cidr_ip: 0.0.0.0/0
            from_port: 444
            to_port: 444

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: example using ICMP types and codes
      amazon.aws.ec2_security_group:
        name: "{{ name }}"
        description: sg for ICMP
        vpc_id: vpc-xxxxxxxx
        profile: "{{ aws_profile }}"
        region: us-east-1
        rules:
          - proto: icmp
            icmp_type: 3
            icmp_code: 1
            cidr_ip: 0.0.0.0/0
            from_port: 443
            to_port: 443
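The following is an added example, not code from the page or from the rule's vendor. It implements the check the description calls for over rules shaped like the two playbooks above: any rule whose cidr_ip is 0.0.0.0/0 or cidr_ipv6 is ::/0 and whose from_port..to_port range contains a port outside an allowed set is reported. The allowed set (80 and 443) and the sample playbook are assumptions constructed for illustration; the page itself does not define which ports count as "known". As on the page, from_port/to_port are checked regardless of proto, and a range of -1 (or missing ports) is treated as "all ports".

```python
"""Detection logic for the aws_ec2_group_unknown_port rule (added example)."""
from dataclasses import dataclass
from itertools import islice

ANY_IPV4 = "0.0.0.0/0"
ANY_IPV6 = "::/0"
MODULE = "amazon.aws.ec2_security_group"

# Assumed "known" ports; this set is an example, not part of the rule.
KNOWN_PORTS = frozenset({80, 443})


@dataclass(frozen=True)
class Finding:
    rule_index: int          # position of the rule in the task's 'rules' list
    cidr: str                # the world-open CIDR that triggered the finding
    from_port: int
    to_port: int
    unknown_ports: tuple     # first few ports in the range not in the known set


def _as_list(value):
    """cidr_ip / cidr_ipv6 may be given as one string or as a list of strings."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _world_open_cidrs(rule):
    """Return the CIDRs in the rule that mean 'all of the internet'."""
    open_cidrs = [c for c in _as_list(rule.get("cidr_ip")) if c == ANY_IPV4]
    open_cidrs += [c for c in _as_list(rule.get("cidr_ipv6")) if c == ANY_IPV6]
    return open_cidrs


def check_rules(rules, known_ports=KNOWN_PORTS, max_report=10):
    """Return one Finding per (rule, world-open CIDR) exposing a non-known port.

    from_port/to_port of -1, or a missing from_port, means every port, so such a
    rule is always reported when it is open to the world.
    """
    findings = []
    for index, rule in enumerate(rules):
        open_cidrs = _world_open_cidrs(rule)
        if not open_cidrs:
            continue  # restricted source range: not this rule's concern
        from_port = rule.get("from_port")
        to_port = rule.get("to_port", from_port)
        if from_port is None or from_port == -1 or to_port == -1:
            from_port, to_port = 0, 65535
        # Lazily collect the first few offending ports so 'all ports' stays cheap.
        unknown = tuple(islice(
            (p for p in range(from_port, to_port + 1) if p not in known_ports),
            max_report,
        ))
        if not unknown:
            continue  # every port in the range is a known one
        for cidr in open_cidrs:
            findings.append(Finding(index, cidr, from_port, to_port, unknown))
    return findings


def check_playbook(playbook, known_ports=KNOWN_PORTS):
    """Walk a parsed Ansible playbook (a list of plays) and check the 'rules'
    of every amazon.aws.ec2_security_group task. Returns {task name: findings}."""
    results = {}
    for play in playbook:
        for task in play.get("tasks", []):
            module_args = task.get(MODULE)
            if not module_args:
                continue
            findings = check_rules(module_args.get("rules", []), known_ports)
            if findings:
                results[task.get("name", "<unnamed>")] = findings
    return results


# Constructed sample playbook mirroring the shape of the page's examples.
SAMPLE_PLAYBOOK = [{
    "name": "Example playbook",
    "hosts": "localhost",
    "tasks": [
        {"name": "open 444 to the world", MODULE: {"name": "sg-a", "rules": [
            {"proto": "tcp", "cidr_ip": "0.0.0.0/0", "from_port": 444, "to_port": 444}]}},
        {"name": "open 443 to the world", MODULE: {"name": "sg-b", "rules": [
            {"proto": "tcp", "cidr_ip": "0.0.0.0/0", "from_port": 443, "to_port": 443}]}},
        {"name": "ssh from internal range only", MODULE: {"name": "sg-c", "rules": [
            {"proto": "tcp", "cidr_ip": "10.0.0.0/8", "from_port": 22, "to_port": 22}]}},
        {"name": "ipv6 all ports", MODULE: {"name": "sg-d", "rules": [
            {"proto": "tcp", "cidr_ipv6": ["::/0"], "from_port": -1, "to_port": -1}]}},
    ],
}]

if __name__ == "__main__":
    for task_name, findings in check_playbook(SAMPLE_PLAYBOOK).items():
        for f in findings:
            print(f"{task_name}: rule {f.rule_index} open to {f.cidr} on "
                  f"{f.from_port}-{f.to_port}, unknown ports {f.unknown_ports}")
```

Run against the sample, the task that opens 444 and the task that opens every port over IPv6 are reported; the 443 task and the rule limited to 10.0.0.0/8 pass, which is exactly the difference between the two playbooks on this page. To check real playbooks, load them with a YAML parser and pass the resulting list to check_playbook.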