Checks/Aws/Test-Ec2SecuritygroupAllowIngressFromInternetToAnyPort.ps1

function Test-Ec2SecuritygroupAllowIngressFromInternetToAnyPort {
    <#
    .SYNOPSIS
        Security group has no 0.0.0.0/0 or ::/0 ingress to any port, or is attached only to allowed interface types or instance owners
    .DESCRIPTION
        **EC2 security groups** with **internet-sourced ingress** from `0.0.0.0/0` or `::/0` to any port, and their attachments, are evaluated. Groups linked to network interfaces or instance owners outside an approved list for public exposure are identified.
    .PARAMETER Check
        CIEMCheck object containing check metadata.
    #>
    [CmdletBinding()]
    [OutputType([PSCustomObject[]])]
    param(
        [Parameter(Mandatory)]
        [CIEMCheck]$Check
    )

    $ErrorActionPreference = 'Stop'

    # TODO: Implement check logic based on Prowler check: ec2_securitygroup_allow_ingress_from_internet_to_any_port
    [CIEMScanResult]::Create(
        $Check,
        'MANUAL',
        'This check requires manual implementation. See Prowler check ec2_securitygroup_allow_ingress_from_internet_to_any_port for reference.',
        'N/A',
        'ec2 Resources'
    )
}
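The evaluation the DESCRIPTION outlines, as an added stand-alone example (not the repository's own code and not the stubbed check above): it flags a group whose ingress rule covers every port from `0.0.0.0/0` or `::/0` unless every attached interface is of an approved type or owner. The object shapes mirror `Get-EC2SecurityGroup` / `Get-EC2NetworkInterface` output (IpPermissions, IpRanges.CidrIp, Ipv6Ranges.CidrIpv6, InterfaceType) by assumption, the allowed lists are placeholders, and an unattached group is treated as passing.

```powershell
# Added example, not project code. Input objects follow the AWS SDK shape by assumption.
function Test-SgInternetIngressToAnyPort {
    param(
        [Parameter(Mandatory)] $SecurityGroup,                 # GroupId, IpPermissions
        [Parameter(Mandatory)] [AllowNull()] [object[]]$NetworkInterfaces,  # ENIs using this group
        [string[]]$AllowedInterfaceTypes = @('PLACEHOLDER_ALLOWED_INTERFACE_TYPE'),
        [string[]]$AllowedInstanceOwners = @('PLACEHOLDER_ALLOWED_INSTANCE_OWNER')
    )
    # "Any port" means all traffic (IpProtocol -1) or the full range 0-65535 on one protocol.
    $openRules = foreach ($perm in $SecurityGroup.IpPermissions) {
        $anyPort = ($perm.IpProtocol -eq '-1') -or
                   ($perm.FromPort -eq 0 -and $perm.ToPort -eq 65535)
        if (-not $anyPort) { continue }
        $v4 = @($perm.IpRanges   | Where-Object { $_.CidrIp   -eq '0.0.0.0/0' })
        $v6 = @($perm.Ipv6Ranges | Where-Object { $_.CidrIpv6 -eq '::/0' })
        if ($v4.Count -gt 0 -or $v6.Count -gt 0) { $perm }
    }
    if (@($openRules).Count -eq 0) {
        return [pscustomobject]@{ GroupId = $SecurityGroup.GroupId; Status = 'PASS'
                                  Reason  = 'No internet-sourced ingress to any port' }
    }
    # An open rule is tolerated only when every attachment is an approved type or owner.
    $unapproved = @($NetworkInterfaces | Where-Object {
        ($_.InterfaceType -notin $AllowedInterfaceTypes) -and
        ($_.Attachment.InstanceOwnerId -notin $AllowedInstanceOwners)
    })
    if ($unapproved.Count -eq 0) {
        return [pscustomobject]@{ GroupId = $SecurityGroup.GroupId; Status = 'PASS'
                                  Reason  = 'Internet ingress to any port, but attached only to approved interface types or owners' }
    }
    [pscustomobject]@{ GroupId = $SecurityGroup.GroupId; Status = 'FAIL'
                       Reason  = "Internet ingress to any port reaches unapproved interface(s): $($unapproved.NetworkInterfaceId -join ', ')" }
}

# Constructed sample input (not real resources): one scoped HTTPS rule plus an all-traffic IPv6 rule.
$sg = [pscustomobject]@{
    GroupId       = 'sg-example'
    IpPermissions = @(
        [pscustomobject]@{ IpProtocol = 'tcp'; FromPort = 443; ToPort = 443
                           IpRanges = @([pscustomobject]@{ CidrIp = '0.0.0.0/0' }); Ipv6Ranges = @() },
        [pscustomobject]@{ IpProtocol = '-1'; FromPort = $null; ToPort = $null
                           IpRanges = @(); Ipv6Ranges = @([pscustomobject]@{ CidrIpv6 = '::/0' }) }
    )
}
$enis = @([pscustomobject]@{ NetworkInterfaceId = 'eni-example'; InterfaceType = 'interface'
                             Attachment = [pscustomobject]@{ InstanceOwnerId = '123456789012' } })
Test-SgInternetIngressToAnyPort -SecurityGroup $sg -NetworkInterfaces $enis
```

Only the second rule counts as "any port"; the 443-only rule is out of scope for this check even though it is internet-sourced.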