The inline security group rule allows open egress Affecting VPC service in AWS

Snyk CCSS

Network / Best Practices

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CIS-Controls CSA-CCM

Snyk ID SNYK-CC-00316
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Open egress can be used to exfiltrate data to unauthorized destinations, and enable access to potentially malicious resources.

How to fix?

Set Properties.SecurityGroupEgress.CidrIp attribute to specific ranges e.g. 192.168.1.0/24.

CloudFormation

Terraform

References