class Terracop::Cop::Aws::UnrestrictedEgressPorts
This cop warns against egress security group rules that allow any port. Such a rule would, for example, let an attacker use your machine to send spam emails, since port 25 outbound has been left open.
@example
  # bad
  resource "aws_security_group_rule" "egress" {
    type      = "egress"
    from_port = 0
    to_port   = 65535
  }

  # good
  resource "aws_security_group_rule" "egress" {
    type      = "egress"
    from_port = 443
    to_port   = 443
  }
Public Instance Methods
check()
# File lib/terracop/cop/aws/unrestricted_egress_ports.rb, line 29
def check
  # Only egress rules for TCP or UDP that span every port are reported.
  return unless egress? && (tcp? || udp?) && any_port?

  offense('Limit egress traffic to small port ranges.', :security)
end
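The predicates used by `check` (`egress?`, `tcp?`, `udp?`, `any_port?`) are defined elsewhere in Terracop and are not shown on this page. The following stand-alone Ruby script is an added illustration, not Terracop's code: it models each predicate over a plain hash of `aws_security_group_rule` attributes (the attribute names and the reading of "any port" as the full 0..65535 range are assumptions) and runs the same gating logic over a few constructed rules.

```ruby
# Added illustration, not Terracop's own code. Models the egress-port
# check over a Hash of aws_security_group_rule attributes. The predicate
# definitions below are assumptions; Terracop's real helpers are not on
# the documentation page.

FULL_PORT_RANGE = (0..65_535).freeze

# Assumed: the rule's "type" attribute distinguishes egress from ingress.
def egress?(rule)
  rule[:type].to_s == 'egress'
end

# Assumed: the check only gates on TCP/UDP, mirroring tcp? || udp?.
def tcp_or_udp?(rule)
  %w[tcp udp].include?(rule[:protocol].to_s.downcase)
end

# Assumed: "any port" means the rule spans the whole 0..65535 range.
def any_port?(rule)
  rule[:from_port].to_i == FULL_PORT_RANGE.min &&
    rule[:to_port].to_i == FULL_PORT_RANGE.max
end

# Same shape as the cop's check: returns the offense message, or nil
# when the rule does not meet every condition.
def check_egress_ports(rule)
  return nil unless egress?(rule) && tcp_or_udp?(rule) && any_port?(rule)

  'Limit egress traffic to small port ranges.'
end

# Constructed sample rules (not taken from any real configuration).
SAMPLE_RULES = {
  'egress_all_tcp'  => { type: 'egress',  protocol: 'tcp', from_port: 0,   to_port: 65_535 },
  'egress_https'    => { type: 'egress',  protocol: 'tcp', from_port: 443, to_port: 443 },
  'ingress_all_tcp' => { type: 'ingress', protocol: 'tcp', from_port: 0,   to_port: 65_535 },
  'egress_all_proto' => { type: 'egress', protocol: '-1',  from_port: 0,   to_port: 0 }
}.freeze

# Names of the sample rules that the modelled check reports.
def offending_rules(rules = SAMPLE_RULES)
  rules.select { |_name, rule| check_egress_ports(rule) }.keys
end

if $PROGRAM_NAME == __FILE__
  offending_rules.each do |name|
    puts "#{name}: #{check_egress_ports(SAMPLE_RULES[name])}"
  end
end
```

Only `egress_all_tcp` is reported: the HTTPS rule is narrow, the ingress rule is out of scope for this cop, and the protocol `-1` sample never reaches `any_port?` because the check as shown gates on TCP or UDP first. How Terracop treats an all-protocols rule is not stated on this page, so a practitioner reviewing egress rules should not assume this cop alone covers that case.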