How to Find AWS VPCs with Default Security Groups Allowing All Inbound Traffic
Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.
info
This security check is part of the CIS Amazon Web Services Benchmarks and is rated severity high.
Prerequisites​
This guide assumes that you have already installed and configured Resoto to collect your AWS resources.
Directions​
-
Execute the following
search
command in Resoto Shell or Resoto UI:> search is(aws_ec2_security_group) and name="default" and group_ip_permissions[*].{ip_protocol="-1" and (ip_ranges[*].cidr_ip="0.0.0.0/0" or ipv6_ranges[*].cidr_ipv6="::/0")} <-- is(aws_vpc)