Terraform

Made by DeepSource

An egress security group rule allows traffic to /0 TF-AWS007

Security
Major

An egress rule whose destination is 0.0.0.0/0 (or ::/0 for IPv6) lets every instance in the security group connect to any address on the public internet. Opening egress to the whole internet in this way should generally be avoided.

Restrict egress to the IP addresses or ranges that are explicitly required wherever possible. A non-restrictive destination range allows a compromised or misconfigured workload to send traffic to unauthorized hosts, for example to exfiltrate data or to reach an attacker-controlled server. Specify a restrictive destination range in the cidr_blocks attribute (and in ipv6_cidr_blocks if the rule carries IPv6 ranges). Note that for an egress rule the CIDR is the destination of the traffic, not its source.

Examples

Bad practice

resource "aws_security_group_rule" "my-rule" {
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"                      # all protocols
  cidr_blocks       = ["0.0.0.0/0"]             # any destination on the internet: flagged
  security_group_id = aws_security_group.app.id # assumed security group defined elsewhere
}

Recommended

resource "aws_security_group_rule" "my-rule" {
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["10.0.0.0/16"]           # only the VPC range that is actually needed
  security_group_id = aws_security_group.app.id # assumed security group defined elsewhere
}
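The following script is an added example that reproduces the logic of this check outside of DeepSource; it is not DeepSource's own implementation. It scans Terraform source for aws_security_group_rule resources of type "egress" and for inline egress blocks inside aws_security_group resources, and reports any cidr_blocks or ipv6_cidr_blocks entry that covers the whole address space. The HCL sample embedded in it is constructed for the example, and the resource names in it are assumptions.

```python
import re
from ipaddress import ip_network

# Constructed sample: two egress rules to /0 (one IPv4, one IPv6 inline
# block), one restricted egress rule and one ingress rule that this
# check must ignore.
SAMPLE_TF = '''
resource "aws_security_group_rule" "open_egress" {
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.app.id
}

resource "aws_security_group_rule" "vpc_egress" {
  type              = "egress"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = ["10.0.0.0/16"]
  security_group_id = aws_security_group.app.id
}

resource "aws_security_group_rule" "open_ingress" {
  type              = "ingress"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.app.id
}

resource "aws_security_group" "app" {
  name   = "app"
  vpc_id = aws_vpc.main.id

  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["10.0.0.0/16"]
    ipv6_cidr_blocks = ["::/0"]
  }
}
'''

RESOURCE_RE = re.compile(
    r'resource\s+"(aws_security_group_rule|aws_security_group)"\s+"([^"]+)"\s*\{'
)


def _block_body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'.

    Simplified HCL handling: braces inside strings (e.g. "${...}") are not
    skipped, which is enough for the plain rule bodies this check targets.
    """
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError("unbalanced braces")


def _attr(body, name):
    """Value of a quoted scalar attribute, or None when absent."""
    m = re.search(rf'\b{name}\s*=\s*"([^"]*)"', body)
    return m.group(1) if m else None


def _list_attr(body, name):
    """Quoted string elements of a list attribute (\\b keeps cidr_blocks
    from matching inside ipv6_cidr_blocks)."""
    m = re.search(rf'\b{name}\s*=\s*\[([^\]]*)\]', body)
    return re.findall(r'"([^"]*)"', m.group(1)) if m else []


def is_unrestricted(cidr):
    """True when the CIDR covers the whole address space (0.0.0.0/0 or ::/0).

    Variables and interpolations are not literals, so they cannot be judged
    statically and are reported as restricted rather than guessed at.
    """
    try:
        return ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def _open_cidrs(body):
    cidrs = _list_attr(body, "cidr_blocks") + _list_attr(body, "ipv6_cidr_blocks")
    return [c for c in cidrs if is_unrestricted(c)]


def find_open_egress(hcl):
    """Return [(resource address, offending CIDR)] for egress rules to /0."""
    findings = []
    for m in RESOURCE_RE.finditer(hcl):
        kind, name = m.group(1), m.group(2)
        body = _block_body(hcl, m.end() - 1)
        address = f"{kind}.{name}"
        if kind == "aws_security_group_rule":
            if _attr(body, "type") != "egress":   # ingress is out of scope here
                continue
            findings += [(address, c) for c in _open_cidrs(body)]
        else:                                     # inline egress {} blocks
            for e in re.finditer(r'\begress\s*\{', body):
                findings += [(address, c) for c in _open_cidrs(_block_body(body, e.end() - 1))]
    return findings


if __name__ == "__main__":
    for address, cidr in find_open_egress(SAMPLE_TF):
        print(f"TF-AWS007: {address} allows egress to {cidr}")
```

Running it on the embedded sample reports aws_security_group_rule.open_egress for 0.0.0.0/0 and aws_security_group.app for ::/0; the ingress rule and the 10.0.0.0/16 rule are left alone. Any CIDR supplied through a variable cannot be evaluated from the source text alone, so the check treats it as restricted rather than guessing.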
