class Terracop::Cop::Aws::OpenSsh
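This cop warns against an ingress rule from 0.0.0.0/0 on port 22 (SSH). That is a Very Bad Idea™: an SSH port reachable from any address is exposed to internet-wide scanning and password guessing, so the source should be limited to the addresses that actually need access.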
@example
# bad
resource "aws_security_group_rule" "ingress" {
  type = "ingress"
  cidr_blocks = ["0.0.0.0/0"]
  # Notice this port range includes 22
  from_port = 10
  to_port = 30
}

# good
resource "aws_security_group_rule" "ingress" {
  type = "ingress"
  cidr_blocks = ["1.2.3.4/32"]
  from_port = 22
  to_port = 22
}
Public Instance Methods
check()
# File lib/terracop/cop/aws/open_ssh.rb, line 31
#
# Reports a :security offense when the rule under inspection is an ingress
# rule, is open to any IP, uses TCP, and covers port 22.
#
# The four predicates are evaluated left to right and short-circuit, so
# later ones are not called once an earlier one is falsy.
#
# NOTE(review): ingress?, any_ip?, tcp? and port? are defined outside this
# listing. Whether any_ip? also matches an IPv6 "::/0" source, and whether
# tcp? also matches an all-protocols rule (protocol "-1"), cannot be told
# from here -- confirm against the base class, since either gap would let
# a world-open SSH rule pass unflagged.
#
# @return the result of +offense+ when the rule is flagged, otherwise nil
def check
  world_open_ssh = ingress? && any_ip? && tcp? && port?(22)
  offense('Do not leave port 22 (SSH) open to the world.', :security) if world_open_ssh
end