vpc-sg-open-only-to-authorized-ports

Checks whether the security group with 0.0.0.0/0 of any Amazon Virtual Private Cloud (Amazon VPC) allows only specific inbound TCP or UDP traffic. The rule is NON_COMPLIANT if there is a security group with inbound 0.0.0.0/0. with no ports provided in the parameters.

Identifier: VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS

Trigger type: Configuration changes

AWS Region: All supported AWS regions

Parameters:

authorizedTcpPorts (Optional): Comma-separated list of TCP ports authorized to be open to 0.0.0.0/0. Ranges are defined by a dash; for example, "443,1020-1025".
authorizedUdpPorts (Optional): Comma-separated list of UDP ports authorized to be open to 0.0.0.0/0. Ranges are defined by a dash; for example, "500,1020-1025".

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.

Warning Javascript is disabled or is unavailable in your browser.

To use the AWS Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

vpc-flow-logs-enabled

vpc-vpn-2-tunnels-up