Pipeline: Correct one VPC security group allowing ingress to remote server administration ports
Revoke a VPC security group rule that allows ingress from 0.0.0.0/0 or ::/0 to remote server administration ports.
Run the pipeline
To run this pipeline from your terminal:
```sh
flowpipe pipeline run aws_compliance.pipeline.correct_one_vpc_security_group_allowing_ingress_to_remote_server_administration_ports \
  --arg 'title=<string>' \
  --arg 'group_id=<string>' \
  --arg 'security_group_rule_id=<string>' \
  --arg 'ip_protocol=<string>' \
  --arg 'from_port=<number>' \
  --arg 'to_port=<number>' \
  --arg 'cidr_ipv4=<string>' \
  --arg 'cidr_ipv6=<string>' \
  --arg 'region=<string>' \
  --arg 'conn=<connection.aws>'
```
Use this pipeline
To call this pipeline from your pipeline, use a step:
```hcl
step "pipeline" "step_name" {
  pipeline = aws_compliance.pipeline.correct_one_vpc_security_group_allowing_ingress_to_remote_server_administration_ports
  args = {
    title                  = <string>
    group_id               = <string>
    security_group_rule_id = <string>
    ip_protocol            = <string>
    from_port              = <number>
    to_port                = <number>
    cidr_ipv4              = <string>
    cidr_ipv6              = <string>
    region                 = <string>
    conn                   = <connection.aws>
  }
}
```
Params
| Name | Type | Required | Description | Default |
|---|---|---|---|---|
| title | string | Yes | Title of the resource, to be used as a display name. | - |
| group_id | string | Yes | The ID of the Security group. | - |
| security_group_rule_id | string | Yes | The ID of the Security group rule. | - |
| ip_protocol | string | Yes | IP protocol. | - |
| from_port | number | Yes | From port. | - |
| to_port | number | Yes | To port. | - |
| cidr_ipv4 | string | Yes | The IPv4 CIDR range. | - |
| cidr_ipv6 | string | Yes | The IPv6 CIDR range. | - |
| region | string | Yes | AWS Region of the resource(s). | - |
| conn | connection.aws | Yes | Name of the AWS connection to be used for any authenticated actions. | - |
| notifier | notifier | Yes | The name of the notifier to use for sending notification messages. | notifier.default |
| notification_level | string (verbose, info, error) | Yes | The verbosity level of notification messages to send. | info |
| approvers | list(notifier) | Yes | List of notifiers to be used for obtaining action/approval decisions. | notifier.default |
| default_action | string (notify, skip, revoke_security_group_rule) | Yes | The default action to use when there are no approvers. | notify |
| enabled_actions | list(string) (skip, revoke_security_group_rule) | Yes | The list of enabled actions approvers can select. | |
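
An added example (not code from the aws_compliance mod) that selects the rules matching the condition this pipeline corrects and maps each onto the parameters above. It assumes rule records shaped like the EC2 DescribeSecurityGroupRules output, that the administration ports are 22 and 3389, that an absent CIDR is passed as an empty string, and a connection named `connection.aws.default`; the sample rules are constructed.

```python
# Assumption: "remote server administration ports" means SSH (22) and RDP (3389).
ADMIN_PORTS = (22, 3389)
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def exposes_admin_port(rule):
    """True if an ingress rule opens an admin port to 0.0.0.0/0 or ::/0."""
    if rule.get("IsEgress"):
        return False
    if not {rule.get("CidrIpv4"), rule.get("CidrIpv6")} & OPEN_CIDRS:
        return False
    if rule["IpProtocol"] == "-1":  # all protocols, so every port is reachable
        return True
    if rule["IpProtocol"] not in ("tcp", "udp"):
        return False
    # A range such as 3000-4000 exposes 3389 even though no rule names it.
    return any(rule["FromPort"] <= p <= rule["ToPort"] for p in ADMIN_PORTS)

def pipeline_args(rule, region, conn="connection.aws.default"):
    """Map a rule onto the pipeline's parameters (conn name is an assumption)."""
    return {
        "title": f'{rule["GroupId"]}/{rule["SecurityGroupRuleId"]}',
        "group_id": rule["GroupId"],
        "security_group_rule_id": rule["SecurityGroupRuleId"],
        "ip_protocol": rule["IpProtocol"],
        "from_port": rule["FromPort"],
        "to_port": rule["ToPort"],
        "cidr_ipv4": rule.get("CidrIpv4", ""),  # assumption: empty when unset
        "cidr_ipv6": rule.get("CidrIpv6", ""),
        "region": region,
        "conn": conn,
    }

def _rule(rule_id, proto, lo, hi, egress=False, **cidr):
    """Build one constructed rule record for the sample set."""
    return {"SecurityGroupRuleId": rule_id, "GroupId": "sg-EXAMPLE",
            "IsEgress": egress, "IpProtocol": proto,
            "FromPort": lo, "ToPort": hi, **cidr}

SAMPLE_RULES = [  # constructed sample data, not real resources
    _rule("sgr-ssh-open", "tcp", 22, 22, CidrIpv4="0.0.0.0/0"),
    _rule("sgr-range-v6", "tcp", 3000, 4000, CidrIpv6="::/0"),
    _rule("sgr-https", "tcp", 443, 443, CidrIpv4="0.0.0.0/0"),
    _rule("sgr-ssh-internal", "tcp", 22, 22, CidrIpv4="10.0.0.0/8"),
    _rule("sgr-all-open", "-1", -1, -1, CidrIpv4="0.0.0.0/0"),
    _rule("sgr-egress", "tcp", 22, 22, egress=True, CidrIpv4="0.0.0.0/0"),
]

def findings(rules, region):
    """Return pipeline argument sets for every rule that should be revoked."""
    return [pipeline_args(r, region) for r in rules if exposes_admin_port(r)]
```

Each dictionary returned by `findings` corresponds to one pipeline run, one `--arg 'name=value'` per key.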
Outputs
This pipeline has no outputs.
Tags
category = Compliance
folder = Internal
mod = aws
service = AWS/VPC