
AWS Remove ACLs allow ingress from 0.0.0.0/0 such as 22 and 3389. #8137

Open
pareshcc opened this issue Jan 11, 2023 · 2 comments
Comments

@pareshcc

Describe the feature

I wanted to ensure that no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports. Public access to remote server administration ports, such as 22 and 3389, increases the resource attack surface and unnecessarily raises the risk of resource compromise. I am trying the remediation below, but it is not working; can someone help me with this?

policies:
  - name: nacl
    resource: network-acl
    filters:
      - or:
        # SSH (22) from anywhere, over IPv4 and IPv6
        - type: ingress
          Ports: [22]
          Cidr:
            value: "0.0.0.0/0"
        - type: ingress
          Ports: [22]
          CidrV6:
            value: "::/0"
        # RDP (3389) from anywhere, over IPv4 and IPv6
        - type: ingress
          Ports: [3389]
          Cidr:
            value: "0.0.0.0/0"
        - type: ingress
          Ports: [3389]
          CidrV6:
            value: "::/0"
    actions:
      - delete

Extra information or context

No response
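The check this issue asks for, written out as an added, stand-alone example. It is not Cloud Custodian code and not the reporter's policy: a plain Python script that takes Network ACL entries in the shape EC2 DescribeNetworkAcls returns (RuleNumber, Protocol, RuleAction, Egress, CidrBlock or Ipv6CidrBlock, PortRange) and evaluates them in rule-number order, the way the VPC data plane does. That ordering is the point a port-and-CIDR match alone misses: a lower-numbered deny shields a port that a later "allow all" rule would otherwise expose, and an "allow all" rule that is needed for other traffic should get a deny inserted in front of it rather than be deleted. SAMPLE_ACLS is constructed data; the only real API shapes assumed are the DescribeNetworkAcls entry and the create_network_acl_entry parameters.

```python
"""Find AWS Network ACLs that admit SSH (22) or RDP (3389) from anywhere.

Added example for this issue; neither Cloud Custodian code nor the reporter's
policy. Entries are evaluated in RuleNumber order, like the VPC data plane,
so a lower-numbered deny correctly shields a port that a later "allow all"
rule would otherwise expose. SAMPLE_ACLS is constructed data.
"""

ADMIN_PORTS = (22, 3389)              # remote administration ports from the issue
ANY_V4, ANY_V6 = "0.0.0.0/0", "::/0"
PROTO_TCP, PROTO_ALL = "6", "-1"      # protocol numbers are strings in the API


def _family_and_cidr(entry):
    """Return ('ipv4', cidr) or ('ipv6', cidr); an entry carries exactly one."""
    if "CidrBlock" in entry:
        return "ipv4", entry["CidrBlock"]
    return "ipv6", entry["Ipv6CidrBlock"]


def _covers_tcp_port(entry, port):
    """True if the entry applies to TCP traffic on `port`."""
    proto = entry["Protocol"]
    if proto == PROTO_ALL:
        return True
    if proto != PROTO_TCP:            # UDP/ICMP entries never match SSH or RDP
        return False
    rng = entry.get("PortRange")      # a TCP entry without a range means all ports
    return rng is None or rng["From"] <= port <= rng["To"]


def _first_decisive_rule(entries, family, port):
    """First ingress entry, in ascending RuleNumber order, that matches `port`
    from the whole address family (0.0.0.0/0 or ::/0). Narrower CIDRs are
    skipped: they cannot decide "from anywhere" either way. None means only
    the implicit deny is left."""
    wanted = ANY_V4 if family == "ipv4" else ANY_V6
    for entry in sorted(entries, key=lambda e: e["RuleNumber"]):
        if entry["Egress"]:
            continue
        fam, cidr = _family_and_cidr(entry)
        if fam == family and cidr == wanted and _covers_tcp_port(entry, port):
            return entry
    return None


def public_admin_ingress(acl):
    """One finding per (family, port) reachable from anywhere, naming the allowing rule."""
    findings = []
    for family in ("ipv4", "ipv6"):
        for port in ADMIN_PORTS:
            rule = _first_decisive_rule(acl["Entries"], family, port)
            if rule is not None and rule["RuleAction"] == "allow":
                findings.append({"acl": acl["NetworkAclId"], "family": family,
                                 "port": port, "rule": rule["RuleNumber"]})
    return findings


def deny_entries_for(acl):
    """Parameters for ec2.create_network_acl_entry() that close each finding by
    inserting a deny just below the allowing rule. Deleting the allowing rule
    instead is wrong when it is a broad 'allow all' that other traffic needs."""
    used = {e["RuleNumber"] for e in acl["Entries"] if not e["Egress"]}
    plan = []
    for f in public_admin_ingress(acl):
        number = f["rule"] - 1
        while number in used:
            number -= 1
        if number < 1:
            raise ValueError(f"no free rule number below {f['rule']} in {f['acl']}")
        used.add(number)
        cidr_key = "CidrBlock" if f["family"] == "ipv4" else "Ipv6CidrBlock"
        plan.append({"NetworkAclId": f["acl"], "RuleNumber": number, "Protocol": PROTO_TCP,
                     "RuleAction": "deny", "Egress": False,
                     "PortRange": {"From": f["port"], "To": f["port"]},
                     cidr_key: ANY_V4 if f["family"] == "ipv4" else ANY_V6})
    return plan


def _entry(number, action, egress=False, proto=PROTO_ALL, port=None, cidr=ANY_V4, v6=None):
    """Build a constructed DescribeNetworkAcls-style entry for the samples below."""
    e = {"RuleNumber": number, "Protocol": proto, "RuleAction": action, "Egress": egress}
    e["Ipv6CidrBlock" if v6 else "CidrBlock"] = v6 or cidr
    if port is not None:
        e["PortRange"] = {"From": port, "To": port}
    return e


SAMPLE_ACLS = [  # constructed sample data, not from any real account
    # default-style ACL: rule 100 allows everything, so SSH and RDP are open over IPv4
    {"NetworkAclId": "acl-default-like", "Entries": [
        _entry(100, "allow"), _entry(100, "allow", egress=True),
        _entry(32767, "deny"), _entry(32767, "deny", egress=True)]},
    # hardened: explicit denies ordered before the allow-all, so nothing is flagged
    {"NetworkAclId": "acl-hardened", "Entries": [
        _entry(50, "deny", proto=PROTO_TCP, port=22), _entry(60, "deny", proto=PROTO_TCP, port=3389),
        _entry(100, "allow"), _entry(32767, "deny")]},
    # SSH only from one office range (not flagged), but RDP open over IPv6 (flagged)
    {"NetworkAclId": "acl-office-only", "Entries": [
        _entry(90, "allow", proto=PROTO_TCP, port=22, cidr="203.0.113.0/24"),
        _entry(110, "allow", proto=PROTO_TCP, port=3389, v6=ANY_V6),
        _entry(32767, "deny"), _entry(32767, "deny", v6=ANY_V6)]},
]

if __name__ == "__main__":
    # With live data: acls = boto3.client("ec2").describe_network_acls()["NetworkAcls"]
    for acl in SAMPLE_ACLS:
        for f in public_admin_ingress(acl):
            print(f"{f['acl']}: port {f['port']} open from anywhere over {f['family']} (rule {f['rule']})")
        for params in deny_entries_for(acl):
            print(f"  would add deny rule {params['RuleNumber']} for port {params['PortRange']['From']}")
```

Run as-is it reports the default-style ACL (22 and 3389 over IPv4, via rule 100) and the IPv6 RDP exposure in the third sample, and leaves the hardened ACL alone. To apply the plan against an account, pass each dict from `deny_entries_for()` to `boto3.client("ec2").create_network_acl_entry(**params)` after reviewing it; the script deliberately stops at producing the parameters.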

@pareshcc pareshcc changed the title Remove ACLs allow ingress from 0.0.0.0/0 such as 22 and 3389. AWS Remove ACLs allow ingress from 0.0.0.0/0 such as 22 and 3389. Jan 12, 2023
@thisisshi
Member

Rather than a delete action, this should probably be remove-matched or something like that.

@pareshcc
Author

@thisisshi Sure, I will try, but the ingress/egress filters are not supported either; can you help me with this as well?

@pareshcc pareshcc reopened this Jan 13, 2023