Json Yaml Open All Ports To Public
Description
Detects AWS CloudFormation templates that define security groups with dangerously open network access rules (0.0.0.0/0) allowing unrestricted ingress or egress traffic across all ports. This creates a significant security risk by potentially exposing EC2 instances to unauthorized access from any source IP address.
Detection Strategy
• Scans CloudFormation template files for EC2 security group definitions
• Checks both ingress and egress rules within security group configurations
• Identifies if port ranges are set to allow all ports (typically from port 0 to port 65535)
• Verifies if the CIDR IP range is set to '0.0.0.0/0', which allows access from any IP address
• Reports a vulnerability when finding security groups that combine unrestricted ports with public internet access
Vulnerable code example
Resources:
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow all traffic
      VpcId:
        Ref: myVPC
      SecurityGroupIngress: ...
✅ Secure code example
Resources:
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow specific traffic on required ports
      VpcId:
        Ref: myVPC
      SecurityGroupIngress: ...
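The detection strategy listed above, run over a vulnerable and a secure template, as an added example that is not Fluid Attacks' scanner or code. It uses only the Python standard library and therefore reads JSON-format templates (YAML templates with short-form tags such as `!Ref` would need a CloudFormation-aware loader). The function names (`find_open_all_ports`, `scan_json`), the embedded sample templates and the resource names in them are constructed for this illustration. It goes slightly beyond the page's stated check, and says so in the comments: it also treats `::/0` as public, treats `IpProtocol: -1` (all protocols, ports ignored) as all ports, and inspects standalone `AWS::EC2::SecurityGroupIngress` / `SecurityGroupEgress` resources, not only rules nested inside a security group.

```python
"""Flag CloudFormation security group rules that open every port to the public.

Added example, not Fluid Attacks' implementation. Constructed sample templates
are embedded below so the script runs offline.
"""
import json

# Public CIDRs: 0.0.0.0/0 is the case the rule describes; ::/0 is the IPv6
# equivalent, included as a generalisation.
PUBLIC_CIDRS = {"0.0.0.0/0", "::/0"}

# Standalone rule resources carry the same fields as a nested rule.
STANDALONE_RULE_TYPES = {
    "AWS::EC2::SecurityGroupIngress": "ingress",
    "AWS::EC2::SecurityGroupEgress": "egress",
}


def _as_int(value):
    """Return value as int, or None for unset fields / intrinsic functions (dicts)."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def rule_opens_all_ports_to_public(rule: dict) -> bool:
    """True when one rule combines a public CIDR with an all-ports range."""
    public = rule.get("CidrIp") in PUBLIC_CIDRS or rule.get("CidrIpv6") in PUBLIC_CIDRS
    if not public:
        return False
    if str(rule.get("IpProtocol")) == "-1":  # -1 = all protocols; ports are ignored
        return True
    # The port range the page describes: FromPort 0 to ToPort 65535.
    return _as_int(rule.get("FromPort")) == 0 and _as_int(rule.get("ToPort")) == 65535


def find_open_all_ports(template: dict) -> list:
    """Scan a parsed template and return one finding per offending rule."""
    findings = []
    for name, resource in template.get("Resources", {}).items():
        rtype = resource.get("Type")
        props = resource.get("Properties") or {}
        if rtype == "AWS::EC2::SecurityGroup":
            for direction in ("Ingress", "Egress"):
                rules = props.get(f"SecurityGroup{direction}") or []
                for idx, rule in enumerate(rules):
                    if rule_opens_all_ports_to_public(rule):
                        findings.append({"resource": name,
                                         "direction": direction.lower(),
                                         "rule": idx})
        elif rtype in STANDALONE_RULE_TYPES:
            if rule_opens_all_ports_to_public(props):
                findings.append({"resource": name,
                                 "direction": STANDALONE_RULE_TYPES[rtype],
                                 "rule": 0})
    return findings


def scan_json(template_text: str) -> list:
    """Convenience wrapper: parse a JSON-format template and scan it."""
    return find_open_all_ports(json.loads(template_text))


# Constructed sample: all TCP ports from anywhere, plus all egress traffic.
VULNERABLE_TEMPLATE = """{
  "Resources": {
    "InstanceSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Allow all traffic",
        "VpcId": {"Ref": "myVPC"},
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535, "CidrIp": "0.0.0.0/0"}
        ],
        "SecurityGroupEgress": [
          {"IpProtocol": "-1", "CidrIp": "0.0.0.0/0"}
        ]
      }
    }
  }
}"""

# Constructed sample: only the required ports, SSH limited to a private range.
SECURE_TEMPLATE = """{
  "Resources": {
    "InstanceSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Allow specific traffic on required ports",
        "VpcId": {"Ref": "myVPC"},
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
          {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "10.0.0.0/8"}
        ]
      }
    }
  }
}"""

if __name__ == "__main__":
    print("vulnerable:", scan_json(VULNERABLE_TEMPLATE))
    print("secure:", scan_json(SECURE_TEMPLATE))
```

The vulnerable template produces two findings (the ingress rule and the egress rule of `InstanceSecurityGroup`); the secure one produces none, because HTTPS to the world is a single port, not the 0-65535 range, and the SSH rule is not public. Port values that are intrinsic functions (for example `{"Ref": ...}`) cannot be resolved statically and are treated as not matching, so a scanner that wants to be conservative would report those separately for manual review.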