Terraform

Made by DeepSource

An inline egress security group rule allows traffic to /0 (TF-AWS009)

Security
Major

Opening a security group to the whole public internet (a /0 CIDR such as 0.0.0.0/0) is generally to be avoided. For an egress rule, an unrestricted destination means a compromised instance can reach any host on the internet, which makes data exfiltration and command-and-control traffic harder to contain.

You should restrict egress to the IP addresses or ranges that explicitly require it wherever possible.

Examples

Bad practice

resource "aws_security_group" "my-group" {
    egress {
        from_port   = 443
        to_port     = 443
        protocol    = "tcp"
        # Destination is every IPv4 address on the internet
        cidr_blocks = ["0.0.0.0/0"]
    }
}

Recommended

resource "aws_security_group" "my-group" {
    egress {
        from_port   = 443
        to_port     = 443
        protocol    = "tcp"
        # Destination is only the single host that needs to be reached
        cidr_blocks = ["1.2.3.4/32"]
    }
}
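To show what this check actually has to look for, here is a small detector written for this page; it is not DeepSource's analyzer and not part of the original page. It scans Terraform source for aws_security_group resources, walks only the inline egress blocks (ingress is ignored), and reports any cidr_blocks entry equal to 0.0.0.0/0. It goes slightly beyond the page in also treating ::/0 in ipv6_cidr_blocks as open to everyone. The sample Terraform text and the resource names in it are constructed for the example; the scanner is regex-based and assumes literal CIDR lists (it does not resolve variables or locals, and it does not look at standalone aws_security_group_rule resources).

```python
import re

# Constructed sample Terraform source (not from the page): one open egress
# rule, one restricted rule next to an open *ingress* rule (which this egress
# check must ignore), and one IPv6 rule open to everyone.
SAMPLE_TF = '''
resource "aws_security_group" "open" {
  name = "open"
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "restricted" {
  name = "restricted"
  egress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["10.0.0.0/16", "1.2.3.4/32"]
  }
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "open_v6" {
  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    ipv6_cidr_blocks = ["::/0"]
  }
}
'''

# Assumption: the IPv6 "any address" prefix is treated the same as 0.0.0.0/0.
ANY_ADDRESS = {"0.0.0.0/0", "::/0"}

RESOURCE_RE = re.compile(r'resource\s+"aws_security_group"\s+"([^"]+)"\s*\{')
EGRESS_RE = re.compile(r'\begress\s*\{')
CIDR_ATTR_RE = re.compile(r'\b(cidr_blocks|ipv6_cidr_blocks)\s*=\s*\[([^\]]*)\]')


def _block_body(text, open_brace):
    """Return the text between the brace at index open_brace and its matching close."""
    depth = 0
    for i in range(open_brace, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_brace + 1:i]
    raise ValueError("unbalanced braces in Terraform source")


def find_open_egress(text):
    """Return (resource_name, cidr) pairs for inline egress rules open to everyone."""
    findings = []
    for res in RESOURCE_RE.finditer(text):
        name = res.group(1)
        body = _block_body(text, res.end() - 1)   # res.end() - 1 is the "{"
        for eg in EGRESS_RE.finditer(body):       # inline egress blocks only
            egress_body = _block_body(body, eg.end() - 1)
            for attr in CIDR_ATTR_RE.finditer(egress_body):
                for cidr in re.findall(r'"([^"]*)"', attr.group(2)):
                    if cidr in ANY_ADDRESS:
                        findings.append((name, cidr))
    return findings


if __name__ == "__main__":
    for name, cidr in find_open_egress(SAMPLE_TF):
        print(f'TF-AWS009: aws_security_group "{name}" has an egress rule to {cidr}')
```

Run against SAMPLE_TF the scanner reports the "open" and "open_v6" resources and stays silent on "restricted", whose only 0.0.0.0/0 entry is an ingress rule outside this check's scope. A real analyzer would parse HCL properly and evaluate variables; the brace walker here is only enough to show which block the rule inspects.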
