class Terracop::Cop::Aws::OpenEgress
This cop warns against an egress rule to 0.0.0.0/0. While very common, and not necessarily an offense in itself, you may want to restrict outbound traffic to specific addresses (or even to other security groups), especially in highly regulated environments.
@example
  # bad
  resource "aws_security_group_rule" "egress" {
    type        = "egress"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # good
  resource "aws_security_group_rule" "egress" {
    type        = "egress"
    cidr_blocks = ["10.4.0.0/16"]
  }

  # better
  resource "aws_security_group_rule" "egress" {
    type              = "egress"
    security_group_id = aws_security_group.destination.id
  }
Public Instance Methods
check()
  # File lib/terracop/cop/aws/open_egress.rb, line 34
  def check
    return unless egress? && any_ip?

    offense('Avoid allowing egress traffic to 0.0.0.0/0.', :security)
  end
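The logic of check() above, reimplemented stand-alone as an added example (this is not terracop's own code). It assumes each rule arrives as a Hash of its HCL attributes and, going beyond the page, also treats the IPv6 "anywhere" block ::/0 as open:

```ruby
# Added example, not terracop's code: a stand-alone version of the OpenEgress
# check over a rule represented as a Hash of HCL attribute names to values.
ANY_IPV4 = '0.0.0.0/0'.freeze
ANY_IPV6 = '::/0'.freeze # assumption: the cop on the page only names 0.0.0.0/0

OpenEgressOffense = Struct.new(:message, :severity)

# True when the rule is an egress (outbound) rule.
def egress?(rule)
  rule['type'] == 'egress'
end

# True when any IPv4 or IPv6 CIDR on the rule is the "anywhere" block.
def any_ip?(rule)
  cidrs = Array(rule['cidr_blocks']) + Array(rule['ipv6_cidr_blocks'])
  cidrs.any? { |cidr| cidr == ANY_IPV4 || cidr == ANY_IPV6 }
end

# Mirrors check(): returns an offense, or nil when the rule is acceptable.
def check_open_egress(rule)
  return nil unless egress?(rule) && any_ip?(rule)

  OpenEgressOffense.new('Avoid allowing egress traffic to 0.0.0.0/0.', :security)
end

# Constructed sample rules: the three from the @example plus an ingress
# rule (out of scope for this cop) and an IPv6 "anywhere" egress rule.
SAMPLE_RULES = {
  'bad'     => { 'type' => 'egress', 'cidr_blocks' => ['0.0.0.0/0'] },
  'good'    => { 'type' => 'egress', 'cidr_blocks' => ['10.4.0.0/16'] },
  'better'  => { 'type' => 'egress',
                 'security_group_id' => 'aws_security_group.destination.id' },
  'ingress' => { 'type' => 'ingress', 'cidr_blocks' => ['0.0.0.0/0'] },
  'ipv6'    => { 'type' => 'egress', 'ipv6_cidr_blocks' => ['::/0'] }
}.freeze

# Names of the rules the cop would flag, in the order they were declared.
def offending_rules(rules = SAMPLE_RULES)
  rules.select { |_, rule| check_open_egress(rule) }.keys
end

if __FILE__ == $PROGRAM_NAME
  offending_rules.each do |name|
    puts "#{name}: #{check_open_egress(SAMPLE_RULES[name]).message}"
  end
end
```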