Terraform

Made by DeepSource

An inline ingress security group rule allows traffic from /0 TF-AWS008

Security
Major

Opening a security group to the entire public internet (a /0 CIDR range) is generally to be avoided.

Where possible, restrict access to the IP addresses or ranges that explicitly require it. A non-restrictive source range lets traffic from unauthorized IP ranges reach your infrastructure. Specify a restrictive source IP range in the cidr_blocks attribute of the ingress rule.

Examples

Bad practice

resource "aws_security_group" "my-group" {
  # Inline ingress rule whose source is 0.0.0.0/0: any IPv4 address on the
  # internet can reach the port, which is what TF-AWS008 flags.
  # from_port, to_port and protocol are required in an ingress block; port 22 is an illustrative value.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

Recommended

resource "aws_security_group" "my-group" {
  # Source restricted to a single trusted host (/32); replace with the
  # ranges that actually need access. Port 22 is an illustrative value.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["1.2.3.4/32"]
  }
}
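As an added example, not code from the DeepSource page or the analyzer, the following Python check applies the TF-AWS008 condition to the JSON form of a Terraform plan (the output of `terraform show -json plan.tfplan`). It goes slightly beyond the text: it treats any prefix length of 0 as unrestricted, so `::/0` in ipv6_cidr_blocks is caught as well as `0.0.0.0/0`, and it walks child modules. The embedded plan document is constructed for this example and mirrors the "bad practice" and "recommended" configurations above plus an IPv6 variant inside a module; the field layout (planned_values, root_module, resources, values, child_modules) follows Terraform's plan JSON format.

```python
import ipaddress
import json
from typing import Iterator

# Constructed sample of `terraform show -json` output (not a real plan).
# Resource 1 mirrors the page's bad-practice config, resource 2 the recommended
# one, and the module resource shows the IPv6 equivalent of an open rule.
SAMPLE_PLAN_JSON = json.dumps({
    "format_version": "1.2",
    "planned_values": {
        "root_module": {
            "resources": [
                {
                    "address": "aws_security_group.my-group",
                    "mode": "managed",
                    "type": "aws_security_group",
                    "name": "my-group",
                    "values": {
                        "ingress": [{
                            "from_port": 22, "to_port": 22, "protocol": "tcp",
                            "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": [],
                        }],
                    },
                },
                {
                    "address": "aws_security_group.restricted",
                    "mode": "managed",
                    "type": "aws_security_group",
                    "name": "restricted",
                    "values": {
                        "ingress": [{
                            "from_port": 22, "to_port": 22, "protocol": "tcp",
                            "cidr_blocks": ["1.2.3.4/32"], "ipv6_cidr_blocks": [],
                        }],
                    },
                },
            ],
            "child_modules": [{
                "address": "module.web",
                "resources": [{
                    "address": "module.web.aws_security_group.v6",
                    "mode": "managed",
                    "type": "aws_security_group",
                    "name": "v6",
                    "values": {
                        "ingress": [{
                            "from_port": 443, "to_port": 443, "protocol": "tcp",
                            "cidr_blocks": None, "ipv6_cidr_blocks": ["::/0"],
                        }],
                    },
                }],
            }],
        }
    },
})


def is_unrestricted(cidr: str) -> bool:
    """True when the CIDR covers every address of its family (prefix length 0)."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        # Not a CIDR at all (e.g. an unknown value in a plan); never treated as open.
        return False


def iter_resources(module: dict) -> Iterator[dict]:
    """Yield every planned resource in a module and, recursively, its child modules."""
    yield from module.get("resources") or []
    for child in module.get("child_modules") or []:
        yield from iter_resources(child)


def find_open_ingress(plan_json: str) -> list[dict]:
    """Return one finding per inline ingress rule of an aws_security_group
    whose IPv4 or IPv6 source list contains a /0 range."""
    plan = json.loads(plan_json)
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("mode", "managed") != "managed" or res.get("type") != "aws_security_group":
            continue
        for rule in (res.get("values") or {}).get("ingress") or []:
            # Either list may be null in a plan when the value is not yet known.
            sources = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
            open_cidrs = [c for c in sources if is_unrestricted(c)]
            if open_cidrs:
                findings.append({
                    "address": res["address"],
                    "from_port": rule.get("from_port"),
                    "to_port": rule.get("to_port"),
                    "protocol": rule.get("protocol"),
                    "cidrs": open_cidrs,
                })
    return findings


if __name__ == "__main__":
    for f in find_open_ingress(SAMPLE_PLAN_JSON):
        print(f"{f['address']}: ingress {f['protocol']} {f['from_port']}-{f['to_port']} open to {f['cidrs']}")
```

Checking the plan rather than the source text means values resolved from variables or locals are evaluated as Terraform will actually apply them. Like TF-AWS008, this only covers inline ingress blocks; rules declared through the separate aws_security_group_rule resource would need an equivalent check of their own.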
