4.1 Ensure no security groups allow ingress from 0.0.0.0/0 to port 22
Created by: armorcodegithubapp[bot]
Security groups provide stateful filtering of ingress/egress network traffic to AWS resources. It is recommended that no security group allows unrestricted ingress access to port 22.
Type: [Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark]
Compliance Status: FAILED
Product Name: N/A
Company Name: N/A
Generator Id: arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/4.1
Record State: ACTIVE
Workflow Status: NEW
Workflow State: NEW
Account Id: 012345678912
Region: N/A
Source URL: N/A
Resource: [ { "Type" : "AwsEc2SecurityGroup", "Id" : "arn:aws:ec2:us-east-1:012345678912:security-group/sg-019f05ef36b86e389", "Partition" : "aws", "Region" : "us-east-1", "Details" : { "AwsEc2SecurityGroup" : { "GroupName" : "ingress-ssh-all-security-hub-test", "GroupId" : "sg-019f05ef36b86e389", "OwnerId" : "012345678912", "VpcId" : "vpc-5021932a", "IpPermissions" : [ { "IpProtocol" : "tcp", "FromPort" : 22, "ToPort" : 22, "IpRanges" : [ { "CidrIp" : "0.0.0.0/0" } ] } ], "IpPermissionsEgress" : [ { "IpProtocol" : "-1", "IpRanges" : [ { "CidrIp" : "0.0.0.0/0" } ] } ] } } } ]
Created At: Mon Jun 08 11:26:54 UTC 2020
Updated At: Sun Jun 14 19:47:34 UTC 2020
Mitigation: For directions on how to fix this issue, please consult the AWS Security Hub CIS documentation. https://docs.aws.amazon.com/console/securityhub/standards-cis-4.1/remediation