Validates resources of type `AWS::EC2::SecurityGroup` and `AWS::EC2::SecurityGroupIngress` to ensure that no security group rule allows port 22 (SSH) from `0.0.0.0/0`.

This hook will fail on:
```yaml
Resources:
  SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: "TestingSomeRules"
      SecurityGroupIngress:
        - IpProtocol: tcp
          ToPort: 22
          FromPort: 22
          CidrIp: 0.0.0.0/0
```
or
```yaml
Resources:
  SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: "TestingSomeRules"
  SecurityGroupIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref SecurityGroup
      IpProtocol: tcp
      ToPort: 22
      FromPort: 22
      CidrIp: 0.0.0.0/0
```
It will pass on:

```yaml
Resources:
  SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: "TestingSomeRules"
      SecurityGroupIngress:
        - IpProtocol: tcp
          ToPort: 443
          FromPort: 443
          CidrIp: 0.0.0.0/0
```
and
```yaml
Resources:
  SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: "TestingSomeRules"
  SecurityGroupIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref SecurityGroup
      IpProtocol: tcp
      ToPort: 22
      FromPort: 22
      CidrIp: 10.0.0.0/16
```
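The logic the hook applies to the four templates above, written out as an added example (this is not the hook's own source). It operates on a template already parsed into Python dicts; intrinsic functions such as `!Ref` are assumed to arrive as `{"Ref": "..."}` mappings, which is how the JSON form and CloudFormation-aware YAML loaders represent them. It goes a little beyond the page's exact case: a port range that includes 22, `IpProtocol: -1` (all traffic), and the IPv6 `::/0` equivalent are also flagged, which is my assumption of sensible behaviour rather than a statement about what the real hook does. The four sample templates are constructed inline so the script runs offline.

```python
"""Flag security group rules that expose SSH (port 22) to the world.

Added example, not the hook's own code. Works on CloudFormation templates
already parsed into dicts; "!Ref X" is assumed to appear as {"Ref": "X"}.
"""

SSH_PORT = 22
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}  # IPv4 and IPv6 "anywhere" (::/0 is an assumed extension)


def _covers_port(rule: dict, port: int) -> bool:
    """True if the rule's protocol/port range includes `port`."""
    proto = str(rule.get("IpProtocol", "")).lower()
    if proto == "-1":  # all protocols and all ports (assumed extension)
        return True
    if proto not in ("tcp", "6"):  # SSH is TCP; 6 is its protocol number
        return False
    try:
        low = int(rule.get("FromPort", -1))
        high = int(rule.get("ToPort", -1))
    except (TypeError, ValueError):
        return False  # unresolved intrinsic (e.g. a Ref); cannot decide statically
    return low <= port <= high


def _is_world_open(rule: dict) -> bool:
    """True if the rule's source CIDR is an 'anywhere' block."""
    return rule.get("CidrIp") in WORLD_CIDRS or rule.get("CidrIpv6") in WORLD_CIDRS


def _rule_offends(rule) -> bool:
    return isinstance(rule, dict) and _is_world_open(rule) and _covers_port(rule, SSH_PORT)


def find_open_ssh(template: dict) -> list:
    """Return logical IDs of resources that allow SSH from the world.

    Covers both inline SecurityGroupIngress lists on AWS::EC2::SecurityGroup
    and standalone AWS::EC2::SecurityGroupIngress resources.
    """
    findings = []
    for name, res in (template.get("Resources") or {}).items():
        props = res.get("Properties") or {}
        rtype = res.get("Type")
        if rtype == "AWS::EC2::SecurityGroup":
            if any(_rule_offends(r) for r in props.get("SecurityGroupIngress") or []):
                findings.append(name)
        elif rtype == "AWS::EC2::SecurityGroupIngress":
            if _rule_offends(props):
                findings.append(name)
    return findings


def _sg(rules):
    return {"Type": "AWS::EC2::SecurityGroup",
            "Properties": {"GroupDescription": "TestingSomeRules", "SecurityGroupIngress": rules}}


def _ingress(**rule):
    return {"Type": "AWS::EC2::SecurityGroupIngress",
            "Properties": {"GroupId": {"Ref": "SecurityGroup"}, **rule}}


# Constructed sample templates mirroring the page's fail/pass cases.
FAIL_INLINE = {"Resources": {"SecurityGroup": _sg(
    [{"IpProtocol": "tcp", "ToPort": 22, "FromPort": 22, "CidrIp": "0.0.0.0/0"}])}}
FAIL_STANDALONE = {"Resources": {
    "SecurityGroup": _sg([]),
    "SecurityGroupIngress": _ingress(IpProtocol="tcp", ToPort=22, FromPort=22, CidrIp="0.0.0.0/0")}}
PASS_HTTPS = {"Resources": {"SecurityGroup": _sg(
    [{"IpProtocol": "tcp", "ToPort": 443, "FromPort": 443, "CidrIp": "0.0.0.0/0"}])}}
PASS_PRIVATE = {"Resources": {
    "SecurityGroup": _sg([]),
    "SecurityGroupIngress": _ingress(IpProtocol="tcp", ToPort=22, FromPort=22, CidrIp="10.0.0.0/16")}}
# Extra constructed case: a range that hides port 22 inside it.
FAIL_RANGE = {"Resources": {"SecurityGroup": _sg(
    [{"IpProtocol": "tcp", "ToPort": 1024, "FromPort": 1, "CidrIp": "0.0.0.0/0"}])}}


if __name__ == "__main__":
    for label, tpl in [("fail_inline", FAIL_INLINE), ("fail_standalone", FAIL_STANDALONE),
                       ("pass_https", PASS_HTTPS), ("pass_private", PASS_PRIVATE),
                       ("fail_range", FAIL_RANGE)]:
        hits = find_open_ssh(tpl)
        print(f"{label}: {'FAIL ' + ', '.join(hits) if hits else 'PASS'}")
```

To run it against a real YAML template you would first load the file with a loader that knows the CloudFormation short-form tags (`!Ref`, `!GetAtt`, and so on); a plain `yaml.safe_load` rejects them. In a pre-commit setting the script exits non-zero whenever `find_open_ssh` returns a non-empty list.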