AWS018 - Missing description for security group/security group rule.

Written by tfsec

Explanation

Security groups and security group rules should include a description for auditing purposes.

Simplifies auditing, debugging, and managing security groups.

Insecure Example

The following example will fail the AWS018 check.

resource "aws_security_group" "bad_example" {
  name        = "http"

  ingress {
    description = "HTTP from VPC"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.main.cidr_block]
  }
}

Secure Example

The following example will pass the AWS018 check.

resource "aws_security_group" "good_example" {
  name        = "http"
  description = "Allow inbound HTTP traffic"

  ingress {
    description = "HTTP from VPC"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.main.cidr_block]
  }
}

Related Links

• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group

• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule

• https://www.cloudconformity.com/knowledge-base/aws/EC2/security-group-rules-description.html

---