vpc-sg-open-only-to-authorized-ports - AWS Config

vpc-sg-open-only-to-authorized-ports

Checks whether any security groups with inbound 0.0.0.0/0 have TCP or UDP ports accessible. The rule is NON_COMPLIANT when a security group with inbound 0.0.0.0/0 has a port accessible which is not specified in the rule parameters.

Identifier: VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS

Trigger type: Configuration changes

AWS Region: All supported AWS regions except Asia Pacific (Osaka) Region

Parameters:

authorizedTcpPorts (Optional)
Type: String

Comma-separated list of TCP ports authorized to be open to 0.0.0.0/0. Ranges are defined by dash, for example, "443,1020-1025".

authorizedUdpPorts (Optional)
Type: String

Comma-separated list of UDP ports authorized to be open to 0.0.0.0/0. Ranges are defined by dash, for example, "500,1020-1025".

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.