An egress security group rule allows traffic to /0.
Explanation
Opening up ports to connect out to the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that are explicitly required where possible.
Insecure Example
The following example will fail the AWS007 check.
resource "aws_security_group_rule" "my-rule" {
type = "egress"
cidr_blocks = ["0.0.0.0/0"]
}Secure Example
The following example will pass the AWS007 check.
resource "aws_security_group_rule" "my-rule" {
type = "egress"
cidr_blocks = ["10.0.0.0/16"]
}