A detailed guideline regarding restriction of ingress TCP and UDP access in VPC security groups.
Rule | VPC security groups should restrict ingress TCP and UDP access from 0.0.0.0/0
Framework | FedRAMP Low Revision 4
Severity | High
Rule Description:
Under FedRAMP Low Revision 4, VPC security groups should restrict ingress (incoming) TCP and UDP access so that no rule allows traffic from any source IP address (0.0.0.0/0).
Troubleshooting Steps:
Necessary Codes:
The following command demonstrates how a security group ingress rule is created with the AWS Command Line Interface (CLI). As written it opens the port to every IPv4 source (0.0.0.0/0), which is exactly the configuration this rule flags:
aws ec2 authorize-security-group-ingress --group-id <security_group_id> --protocol tcp --port <port_number> --cidr 0.0.0.0/0
Replace <security_group_id> with the actual ID of the security group and <port_number> with the desired port number.
Step-by-Step Remediation Guide:
Remove the over-permissive rule rather than adding to it. The following command revokes a TCP ingress rule that allows 0.0.0.0/0 on the given port; repeat it with --protocol udp for any UDP rule that is open in the same way:
aws ec2 revoke-security-group-ingress --group-id <security_group_id> --protocol tcp --port <port_number> --cidr 0.0.0.0/0
Replace <security_group_id> with the security group ID noted earlier and <port_number> with the port number to be restricted. If the service must remain reachable, add a replacement rule whose --cidr is limited to the specific source range that needs access.
Note: It is essential to review and confirm the specific requirements of FedRAMP Low Revision 4 and tailor the security group rules accordingly.
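As an added example (not part of the original guideline), the check and the remediation above can be automated over the JSON that `aws ec2 describe-security-groups` returns: `find_open_ingress` flags every TCP, UDP or all-protocol (`-1`) ingress rule whose source is 0.0.0.0/0 or ::/0, and `revoke_command` builds the matching `revoke-security-group-ingress` call. The sample security groups below are constructed, and the group IDs are placeholders.

```python
import json

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}  # "any source" for IPv4 and IPv6

# Constructed sample shaped like `aws ec2 describe-security-groups` output
# (not real account data): one group with three open rules, one clean group.
SAMPLE_DESCRIBE_OUTPUT = {"SecurityGroups": [
    {"GroupId": "sg-0123456789abcdef0", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
        {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0fedcba9876543210", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "192.0.2.0/24"}], "Ipv6Ranges": []}]}]}


def find_open_ingress(describe_output):
    """(group_id, proto, from_port, to_port, cidr) per rule open to any source."""
    findings = []
    for group in describe_output["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            proto = perm["IpProtocol"]
            if proto not in ("tcp", "udp", "-1"):  # "-1" implicitly covers TCP and UDP
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if cidr in OPEN_CIDRS:
                    findings.append((group["GroupId"], proto, perm.get("FromPort"),
                                     perm.get("ToPort"), cidr))
    return findings


def revoke_command(finding):
    """Build the CLI command that removes exactly one flagged rule (as JSON)."""
    group_id, proto, from_port, to_port, cidr = finding
    perm = {"IpProtocol": proto}
    if proto != "-1":  # all-traffic rules carry no port range
        perm["FromPort"], perm["ToPort"] = from_port, to_port
    v6 = ":" in cidr  # --ip-permissions handles IPv6 ranges, plain --cidr does not
    perm["Ipv6Ranges" if v6 else "IpRanges"] = [{"CidrIpv6" if v6 else "CidrIp": cidr}]
    return (f"aws ec2 revoke-security-group-ingress --group-id {group_id} "
            f"--ip-permissions '{json.dumps([perm])}'")


if __name__ == "__main__":
    for finding in find_open_ingress(SAMPLE_DESCRIBE_OUTPUT):
        print(revoke_command(finding))
```

Feed it real output with `aws ec2 describe-security-groups --output json` and review each generated command before running it, since revoking a rule that a service depends on cuts that service off.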