Terraform

Made by DeepSource

An ingress security group rule allows traffic from /0 (TF-AWS006)

Security
Major

Opening up unwanted CIDR ranges to the public internet is generally to be avoided.

Restrict access to the IP addresses or ranges that explicitly require it wherever possible. A non-restrictive source range lets unauthorized traffic reach your internal networks and cause unwanted problems. Specify a restrictive source IP range in the cidr_blocks attribute.

Examples

Bad practice

resource "aws_security_group_rule" "my-rule" {
  type              = "ingress"
  from_port         = 22          # example port; the other required attributes are filled in so the block is valid HCL
  to_port           = 22
  protocol          = "tcp"
  security_group_id = aws_security_group.example.id   # example reference to an existing security group
  cidr_blocks       = ["0.0.0.0/0"]   # /0: every IPv4 address on the internet may reach this port
}

Recommended

resource "aws_security_group_rule" "my-rule" {
  type              = "ingress"
  from_port         = 22          # example port; the other required attributes are filled in so the block is valid HCL
  to_port           = 22
  protocol          = "tcp"
  security_group_id = aws_security_group.example.id   # example reference to an existing security group
  cidr_blocks       = ["10.0.0.0/16"]   # only the VPC range that actually needs access
}
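The same check can be run as a pre-apply gate over the JSON that `terraform show -json` produces for a saved plan. The script below is an added example, not DeepSource's own analyzer; it reads the `resource_changes` list of that format, uses a constructed sample plan embedded inline, and also treats an IPv6 `::/0` source in `ipv6_cidr_blocks` as unrestricted, which goes slightly beyond the page's IPv4-only example.

```python
"""Flag ingress security group rules open to the whole internet (TF-AWS006)."""
import ipaddress
import json


def _rc(address, after):
    return {"address": address, "type": "aws_security_group_rule",
            "change": {"actions": ["create"], "after": after}}


# Constructed sample of `terraform show -json plan.out` output, trimmed to the
# fields this check reads; a real plan JSON carries many more keys.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    _rc("aws_security_group_rule.open_ssh",
        {"type": "ingress", "from_port": 22, "to_port": 22, "protocol": "tcp",
         "cidr_blocks": ["0.0.0.0/0"]}),
    _rc("aws_security_group_rule.vpc_only",
        {"type": "ingress", "from_port": 443, "to_port": 443, "protocol": "tcp",
         "cidr_blocks": ["10.0.0.0/16"]}),
    _rc("aws_security_group_rule.egress_all",
        {"type": "egress", "from_port": 0, "to_port": 0, "protocol": "-1",
         "cidr_blocks": ["0.0.0.0/0"]}),
]})


def is_unrestricted(cidr: str) -> bool:
    """True for any /0 network, IPv4 (0.0.0.0/0) or IPv6 (::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def find_open_ingress(plan_json: str) -> list:
    """Return addresses of ingress aws_security_group_rule resources that
    admit traffic from a /0 source range after the planned change."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != "aws_security_group_rule":
            continue
        after = rc["change"].get("after") or {}  # None when the resource is destroyed
        if after.get("type") != "ingress":
            continue
        sources = (after.get("cidr_blocks") or []) + (after.get("ipv6_cidr_blocks") or [])
        if any(is_unrestricted(c) for c in sources):
            findings.append(rc["address"])
    return findings


if __name__ == "__main__":
    for address in find_open_ingress(SAMPLE_PLAN):
        print(f"TF-AWS006: {address} allows ingress from /0")
```

Egress rules with a /0 destination are deliberately not reported, since this rule only concerns ingress.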
