Missing description for security group/security group rule.
Explanation
Security groups and security group rules should include a description for auditing purposes.
Simplifies auditing, debugging, and managing security groups.
Insecure Example
The following example will fail the AWS018 check.
resource "aws_security_group" "http" {
name = "http"
ingress {
description = "HTTP from VPC"
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = [aws_vpc.main.cidr_block]
}
}
Secure Example
The following example will pass the AWS018 check.
resource "aws_security_group" "http" {
name = "http"
description = "Allow inbound HTTP traffic"
ingress {
description = "HTTP from VPC"
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = [aws_vpc.main.cidr_block]
}
}