How to Find AWS EC2 Security Groups Allowing All Inbound Traffic on Default SSH Ports
If security groups are not properly configured, the attack surface is increased.
Note: This security check is part of the CIS Amazon Web Services Benchmarks and is rated severity high.
Prerequisites
This guide assumes that you have already installed and configured Resoto to collect your AWS resources.
Directions

1. Execute the following search command in Resoto Shell or Resoto UI:

   > search is(aws_ec2_security_group) and group_ip_permissions[*].{(ip_protocol=-1 or (from_port>=22 and to_port<=22 and ip_protocol=tcp)) and (ip_ranges[*].cidr_ip="0.0.0.0/0" or ipv6_ranges[*].cidr_ipv6="::/0")}

   kind=aws_ec2_security_group, ..., region=resoto-poweruser
   kind=aws_ec2_security_group, ..., account=poweruser-team

2. Pipe the search command into the dump command:

   > search is(aws_ec2_security_group) and group_ip_permissions[*].{(ip_protocol=-1 or (from_port>=22 and to_port<=22 and ip_protocol=tcp)) and (ip_ranges[*].cidr_ip="0.0.0.0/0" or ipv6_ranges[*].cidr_ipv6="::/0")} | dump

   reported:
     id: /aws/ec2/123
     name: some-name
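The same check can be evaluated offline against a `describe-security-groups` style JSON dump, which is useful for confirming what the Resoto search above will flag. The following is an added example, not Resoto code: the sample groups and IDs are constructed, and the port test is generalised from the page's exact 22-22 match to any TCP range that contains port 22 (a 0-1024 rule is just as exposed, but the exact-match form would not report it).

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output
# (not real data). The page's Resoto fields map as follows:
#   group_ip_permissions -> IpPermissions, ip_protocol -> IpProtocol,
#   from_port/to_port -> FromPort/ToPort, ip_ranges[*].cidr_ip -> IpRanges[*].CidrIp,
#   ipv6_ranges[*].cidr_ipv6 -> Ipv6Ranges[*].CidrIpv6
SAMPLE = json.loads("""{"SecurityGroups": [
 {"GroupId": "sg-0aaa", "GroupName": "ssh-open",
  "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
 {"GroupId": "sg-0bbb", "GroupName": "ssh-office",
  "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
    "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
 {"GroupId": "sg-0ccc", "GroupName": "all-v6",
  "IpPermissions": [{"IpProtocol": "-1",
    "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
 {"GroupId": "sg-0ddd", "GroupName": "wide-range",
  "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}
]}""")

SSH_PORT = 22
ANY_SOURCE = {"0.0.0.0/0", "::/0"}  # the two world-open CIDRs the page's search tests


def rule_exposes_port(rule: dict, port: int = SSH_PORT) -> bool:
    """True if one inbound rule admits `port` from any source address.

    All-protocol rules (IpProtocol "-1") carry no port fields and match every
    port; TCP rules match when their range contains `port` (generalised from the
    page's exact 22-22 test); other protocols never match the SSH check.
    """
    proto = rule.get("IpProtocol")
    if proto == "-1":
        port_hit = True
    elif proto == "tcp":
        port_hit = rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)
    else:
        return False
    sources = {r["CidrIp"] for r in rule.get("IpRanges", [])}
    sources |= {r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])}
    return port_hit and bool(sources & ANY_SOURCE)


def find_open_ssh_groups(groups: list, port: int = SSH_PORT) -> list:
    """Return the GroupIds with at least one rule exposing `port` to the world."""
    return [g["GroupId"] for g in groups
            if any(rule_exposes_port(r, port) for r in g.get("IpPermissions", []))]


if __name__ == "__main__":
    print(find_open_ssh_groups(SAMPLE["SecurityGroups"]))  # ['sg-0aaa', 'sg-0ccc', 'sg-0ddd']
```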