Devolutions.CIEM

0.3.28

Checks/Aws/Test-Ec2SecuritygroupAllowIngressFromInternetToTcpPort22.ps1

                                function Test-Ec2SecuritygroupAllowIngressFromInternetToTcpPort22 {

    <#

    .SYNOPSIS

        Security group does not allow ingress from 0.0.0.0/0 or ::/0 to TCP port 22 (SSH)

    .DESCRIPTION

        **EC2 security groups** are assessed for **inbound SSH exposure** by locating ingress rules that allow `TCP 22` from the Internet (`0.0.0.0/0` or `::/0`).

        Only groups in use are considered; sets already flagged for all-port exposure are not repeated.

    .PARAMETER Check

        CIEMCheck object containing check metadata.

    #>

    [CmdletBinding()]

    [OutputType([PSCustomObject[]])]

    param(

        [Parameter(Mandatory)]

        [CIEMCheck]$Check

    )

    $ErrorActionPreference = 'Stop'

    # TODO: Implement check logic based on Prowler check: ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22

    [CIEMScanResult]::Create($Check, 'MANUAL', 'This check requires manual implementation. See Prowler check ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 for reference.', 'N/A', 'ec2 Resources')

}