aws-network-public-rdp
Ensure no security group allows ingress from 0.0.0.0/0 to port 3389 (RDP)
Examples
Insecure Example
resource "aws_security_group" "SGBase" {
  name        = "SGBase"
  description = "Base Security Group"

  # Flagged by this check: RDP (TCP/3389) is reachable from every IPv4 address,
  # because cidr_blocks is the unrestricted range 0.0.0.0/0.
  # NOTE(review): an equivalent ipv6_cidr_blocks = ["::/0"] entry would be just
  # as exposed — confirm the check covers that form as well.
  ingress {
    from_port   = 3389
    to_port     = 3389
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
"SGBase": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Base Security Group",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0",
"FromPort": 3389,
"ToPort": 3389
}
]
}
}
Secure Example
resource "aws_security_group" "SGBase" {
  name        = "SGBase"
  description = "Base Security Group"

  # Passes this check: RDP is still listening on TCP/3389, but ingress is limited
  # to a single /32 source address instead of the whole internet.
  # NOTE(review): the check appears to look only at the source range; whether RDP
  # should be reachable from outside the VPC at all is a separate design decision.
  ingress {
    from_port   = 3389
    to_port     = 3389
    protocol    = "tcp"
    # Placeholder value only — replace it with the CIDR of your own trusted
    # source (for example a VPN or bastion egress address), keeping the prefix
    # as narrow as possible.
    cidr_blocks = ["172.217.13.163/32"]
  }
}
"SGBase": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Base Security Group",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"CidrIp": "172.217.13.163/32", # This is just an example; replace it with the CIDR of your own trusted source IP
"FromPort": 3389,
"ToPort": 3389
}
]
}
}