
aws-network-public-rdp

Ensure no security group allows ingress from 0.0.0.0/0 to TCP port 3389 (RDP)

Examples

Insecure Example

# Insecure example: the ingress rule below opens TCP/3389 (RDP) to every IPv4
# source, which is exactly what the aws-network-public-rdp check flags.
resource "aws_security_group" "SGBase" {
  name        = "SGBase"
  description = "Base Security Group"

  ingress {
    from_port        = 3389
    to_port          = 3389
    protocol         = "tcp"
    cidr_blocks      = ["0.0.0.0/0"] # 0.0.0.0/0 matches all IPv4 addresses: RDP is reachable from the whole internet
  }
}
"SGBase": {
   "Type": "AWS::EC2::SecurityGroup",
   "Properties": {
      "GroupDescription": "Base Security Group",
      "SecurityGroupIngress": [
         {
            "IpProtocol": "tcp",
            "CidrIp": "0.0.0.0/0",
            "FromPort": 3389,
            "ToPort": 3389
         }
      ]
   }
}

Secure Example

# Secure example: the same RDP rule, but the allowed source is narrowed to a
# single trusted host (/32) instead of 0.0.0.0/0, so the check no longer fires.
resource "aws_security_group" "SGBase" {
  name        = "SGBase"
  description = "Base Security Group"

  ingress {
    from_port        = 3389
    to_port          = 3389
    protocol         = "tcp"
    # Keep the source prefix as narrow as practical. Note that an IPv6 rule using
    # ipv6_cidr_blocks = ["::/0"] would be just as open as 0.0.0.0/0 and should be
    # avoided for RDP as well.
    cidr_blocks      = ["172.217.13.163/32"] # Example address only: replace with the CIDR of your own trusted source host
  }
}
"SGBase": {
   "Type": "AWS::EC2::SecurityGroup",
   "Properties": {
      "GroupDescription": "Base Security Group",
      "SecurityGroupIngress": [
         {
            "IpProtocol": "tcp",
            "CidrIp": "172.217.13.163/32", # Example address only: replace with the CIDR of your own trusted source host, and remove this comment before use (comments are not valid JSON)
            "FromPort": 3389,
            "ToPort": 3389
         }
      ]
   }
}

More information