AWS Config
Developer Guide

vpc-sg-open-only-to-authorized-ports

Checks whether any security group in an Amazon Virtual Private Cloud (Amazon VPC) that allows inbound traffic from 0.0.0.0/0 permits only the specific inbound TCP or UDP ports listed in the parameters. If you do not provide any ports in the parameters, the rule is NON_COMPLIANT for every security group that has an inbound rule for 0.0.0.0/0.

Identifier: VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS

Trigger type: Configuration changes

Parameters:

authorizedTcpPorts (Optional)

Comma-separated list of TCP ports authorized to be open to 0.0.0.0/0. Ranges are defined by a dash; for example, "443,1020-1025".

authorizedUdpPorts (Optional)

Comma-separated list of UDP ports authorized to be open to 0.0.0.0/0. Ranges are defined by a dash; for example, "500,1020-1025".

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.
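The following Python is an added example, not code from AWS Config or from this rule: it re-implements locally the check the rule description above defines (parse the authorizedTcpPorts and authorizedUdpPorts syntax, then evaluate each security group's inbound rules for 0.0.0.0/0) and builds the AWS::Config::ConfigRule resource you would put in a CloudFormation template to enable the managed rule with those parameters. How the managed rule treats "all traffic" (IpProtocol -1) rules is an assumption drawn from the description; the security group data is constructed inline in the shape of ec2:DescribeSecurityGroups output, and, like the description, the check looks only at IPv4 0.0.0.0/0, not ::/0.

```python
"""Added example: local re-implementation of the compliance check described by
vpc-sg-open-only-to-authorized-ports, plus the CloudFormation resource that
enables the managed rule. Not the managed rule's own code; evaluation of
IpProtocol "-1" and the empty-parameter case are assumptions from the text."""
import json

OPEN_CIDR = "0.0.0.0/0"  # the description covers IPv4 0.0.0.0/0 only, not ::/0


def parse_ports(spec):
    """Parse a parameter value such as "443,1020-1025" into a set of ports.
    An empty or missing value yields an empty set (no ports authorized)."""
    ports = set()
    for item in (spec or "").split(","):
        item = item.strip()
        if not item:
            continue
        if "-" in item:
            low, high = (int(x) for x in item.split("-", 1))
        else:
            low = high = int(item)
        if not (0 <= low <= high <= 65535):
            raise ValueError(f"invalid port specification: {item!r}")
        ports.update(range(low, high + 1))
    return ports


def open_to_world(permission):
    """True if an IpPermissions entry grants access from 0.0.0.0/0."""
    return any(r.get("CidrIp") == OPEN_CIDR for r in permission.get("IpRanges", []))


def evaluate(security_group, authorized_tcp="", authorized_udp=""):
    """Return "COMPLIANT" or "NON_COMPLIANT" for one security group.

    No inbound 0.0.0.0/0 rule at all -> COMPLIANT.
    Inbound 0.0.0.0/0 with no authorized ports configured -> NON_COMPLIANT.
    Inbound 0.0.0.0/0 for a non-TCP/UDP protocol (e.g. "-1", all traffic)
    or for any port outside the authorized list -> NON_COMPLIANT (assumption:
    such a rule cannot be "only specific TCP or UDP traffic").
    """
    authorized = {"tcp": parse_ports(authorized_tcp), "udp": parse_ports(authorized_udp)}
    world_open = [p for p in security_group.get("IpPermissions", []) if open_to_world(p)]
    if not world_open:
        return "COMPLIANT"
    if not authorized["tcp"] and not authorized["udp"]:
        return "NON_COMPLIANT"
    for perm in world_open:
        proto = perm.get("IpProtocol")
        if proto not in authorized:
            return "NON_COMPLIANT"  # "-1", icmp, ... are never an authorized port
        # FromPort/ToPort are present for tcp/udp entries (0-65535 for "all ports")
        requested = set(range(perm["FromPort"], perm["ToPort"] + 1))
        if not requested <= authorized[proto]:
            return "NON_COMPLIANT"
    return "COMPLIANT"


def evaluate_all(groups, authorized_tcp="", authorized_udp=""):
    """Evaluate a mapping of group id -> security group description."""
    return {gid: evaluate(sg, authorized_tcp, authorized_udp) for gid, sg in groups.items()}


def config_rule_resource(authorized_tcp="", authorized_udp=""):
    """CloudFormation AWS::Config::ConfigRule resource enabling the managed rule.
    InputParameters is a JSON object of the rule's parameter names to values."""
    params = {}
    if authorized_tcp:
        params["authorizedTcpPorts"] = authorized_tcp
    if authorized_udp:
        params["authorizedUdpPorts"] = authorized_udp
    return {
        "Type": "AWS::Config::ConfigRule",
        "Properties": {
            "ConfigRuleName": "vpc-sg-open-only-to-authorized-ports",
            "Scope": {"ComplianceResourceTypes": ["AWS::EC2::SecurityGroup"]},
            "Source": {"Owner": "AWS", "SourceIdentifier": "VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS"},
            "InputParameters": params,
        },
    }


# Constructed sample groups in the shape of ec2:DescribeSecurityGroups output.
SAMPLE_GROUPS = {
    "sg-web": {"IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    ]},
    "sg-ssh-open": {"IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
    "sg-all-traffic": {"IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
    "sg-internal": {"IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    ]},
}

if __name__ == "__main__":
    print(json.dumps(evaluate_all(SAMPLE_GROUPS, "443,1020-1025", "500"), indent=2))
    print(json.dumps(config_rule_resource("443,1020-1025", "500"), indent=2))
```

Note that sg-web is compliant only because its 0.0.0.0/0 entry is limited to TCP 443; its port 22 rule is ignored because it is scoped to 10.0.0.0/8. Run the same groups with no parameters and every group that has an inbound 0.0.0.0/0 rule becomes NON_COMPLIANT, which is the behaviour the description specifies for an unconfigured rule.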