Policy Packs
AWS CIS v3.0.0 - Section 5 - Networking

Policy Setting: AWS > VPC > Network ACL > Ingress Rules > Approved > Rules

Policies

This policy setting is dependent on the following policy types:

Source

resource "turbot_policy_setting" "aws_vpc_network_acl_ingress_rules_approved_rules" {
  resource = turbot_policy_pack.main.id
  type     = "tmod:@turbot/aws-vpc-security#/policy/types/networkAclIngressRulesApprovedRules"
  note     = "AWS CIS v3.0.0 - Controls: 5.1"
  value    = <<-EOT
    # Reject port range sizes -1 (all traffic)
    REJECT \
      $.turbot.portRangeSize:-1 \
      $.turbot.cidr:0.0.0.0/0
    # Reject prohibited ports
    REJECT \
      $.turbot.ports.+:22,3389 \
      $.IpProtocol:tcp,udp \
      $.turbot.cidr:0.0.0.0/0
    # Approve any unmatched rules
    APPROVE *
  EOT
}
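The following is an added example, not part of the policy pack or Turbot's engine: it applies the same first-match REJECT/APPROVE logic as the setting above to constructed network ACL ingress entries shaped like DescribeNetworkAcls output, so you can see which entries the two REJECT lines catch before deploying the setting. It assumes that only ingress entries with RuleAction "allow" are evaluated (deny entries grant nothing) and that the CIDR filter is the literal 0.0.0.0/0, as in the page.

```python
"""Local check mirroring the CIS 5.1 approved-rules setting for NACL ingress."""

# Constructed sample entries (not real account data), DescribeNetworkAcls shape.
SAMPLE_ENTRIES = [
    {"RuleNumber": 100, "Egress": False, "RuleAction": "allow", "Protocol": "-1",
     "CidrBlock": "0.0.0.0/0"},                                          # all traffic
    {"RuleNumber": 110, "Egress": False, "RuleAction": "allow", "Protocol": "6",
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 22, "To": 22}},      # SSH, open
    {"RuleNumber": 120, "Egress": False, "RuleAction": "allow", "Protocol": "6",
     "CidrBlock": "10.0.0.0/8", "PortRange": {"From": 3389, "To": 3389}},  # RDP, internal
    {"RuleNumber": 130, "Egress": False, "RuleAction": "allow", "Protocol": "6",
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 443, "To": 443}},    # HTTPS, open
    {"RuleNumber": 140, "Egress": False, "RuleAction": "deny", "Protocol": "-1",
     "CidrBlock": "0.0.0.0/0"},                                          # deny, ignored
]

PROTO_NAMES = {"-1": "all", "6": "tcp", "17": "udp"}   # AWS protocol numbers -> names
ADMIN_PORTS = {22, 3389}                                # $.turbot.ports.+:22,3389
ALL_PORTS = {"From": 0, "To": 65535}                    # assumed when PortRange is absent


def port_range_size(entry):
    """Mirror $.turbot.portRangeSize: -1 means the entry covers all traffic."""
    if entry["Protocol"] == "-1":
        return -1
    pr = entry.get("PortRange", ALL_PORTS)
    return pr["To"] - pr["From"] + 1


def evaluate(entry):
    """Return ('REJECT', reason) or ('APPROVE', None) in the policy's first-match order."""
    # Assumption: only ingress 'allow' entries are in scope for this setting.
    if entry.get("Egress") or entry.get("RuleAction") != "allow":
        return ("APPROVE", None)
    open_world = entry.get("CidrBlock") == "0.0.0.0/0"   # $.turbot.cidr:0.0.0.0/0
    if port_range_size(entry) == -1 and open_world:
        return ("REJECT", "all traffic from 0.0.0.0/0")
    proto = PROTO_NAMES.get(entry["Protocol"])
    pr = entry.get("PortRange", ALL_PORTS)
    hits = ADMIN_PORTS & set(range(pr["From"], pr["To"] + 1))
    if proto in ("tcp", "udp") and hits and open_world:   # $.IpProtocol:tcp,udp
        return ("REJECT", f"{proto} port(s) {sorted(hits)} from 0.0.0.0/0")
    return ("APPROVE", None)                              # APPROVE *


def audit(entries):
    """Map each RuleNumber to its verdict; REJECT entries are the CIS 5.1 findings."""
    return {e["RuleNumber"]: evaluate(e) for e in entries}


if __name__ == "__main__":
    for number, (verdict, reason) in audit(SAMPLE_ENTRIES).items():
        print(number, verdict, reason or "")
```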