By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Security groups should only allow unrestricted incoming traffic for authorized ports

0

I got one finding which says "This control checks whether the security groups allow unrestricted incoming traffic. The control fails if ports allow unrestricted traffic on ports other than 80 and 443, which are default values for parameter authorizedTcpPorts." So I have one security group and three inbound rule with port is 80 and source is 0.0.0.0/0 , port 443 and source 0.0.0.0/0 and port 8443 and source 0.0.0.0/0 respectively. So according to "The control fails if ports allow unrestricted traffic on ports other than 80 and 443" I deleted inbound rules of port 80 and 443 but after this ECS Fargate services goes down. which I am not able to understand. Please help me in fixing this. Thanks in advance.

Topics
ComputeContainersNetworking & Content Delivery
Tags
Amazon EC2Amazon Elastic Container ServiceSecurity Group
Language
English
rePost-User-5126011
asked 2 years ago2.4K views
2 Answers
0

The rule states "on ports other than 80 and 443". So in this case that would be port 8443. Try deleting just that one and see if your control allows it.

profile pictureAWS
Lawrence Aiello
answered 2 years ago
profile pictureAWS
EXPERT
kentrad
reviewed 2 years ago
0

I have the same issue, it should allow any user from anywhere for port 80 and port 443

Renad Jqaim
answered 7 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content