Policy Packs
AWS CIS v3.0.0 - Section 5 - Networking

Policy Setting: AWS > VPC > Security Group > Egress Rules > Approved > Rules

Policies

This policy setting is dependent on the following policy types:

Source

resource "turbot_policy_setting" "aws_vpc_security_group_egress_rules_approved_rules" {
  resource       = turbot_policy_pack.main.id
  type           = "tmod:@turbot/aws-vpc-security#/policy/types/securityGroupEgressRulesApprovedRules"
  note           = "AWS CIS v3.0.0 - Controls: 5.4"
  template_input = <<-EOT
    {
      securityGroup {
        GroupName: get(path: "GroupName")
        IpPermissionsEgress: get(path: "IpPermissionsEgress")
      }
    }
  EOT
  template       = <<-EOT
    {%- if $.securityGroup.GroupName == "default" and $.securityGroup.IpPermissionsEgress | length > 0 -%}
    REJECT *
    {%- endif %}
  EOT
}
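As an added illustration, not part of this policy pack or of Guardrails itself, the Python below reproduces the decision the template above makes and applies it to security groups in the shape returned by `aws ec2 describe-security-groups`; the sample groups are constructed here and the function names are hypothetical.

```python
"""Mirror the CIS 5.4 egress decision of the Guardrails template above.

The template emits `REJECT *` (reject every egress rule) only when the
group is a VPC default group AND it has at least one egress rule; any
other group produces no output, so the control falls through to the
remaining Approved policies.
"""
from typing import Optional

# Constructed sample in the shape of `describe-security-groups` output.
SAMPLE_GROUPS = [
    {   # default group still carrying the AWS-provided allow-all egress rule
        "GroupName": "default", "GroupId": "sg-0default0000000000",
        "IpPermissionsEgress": [
            {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        ],
    },
    {   # default group already remediated: no egress rules at all
        "GroupName": "default", "GroupId": "sg-0default0000000001",
        "IpPermissionsEgress": [],
    },
    {   # non-default group: out of scope for this setting even with rules
        "GroupName": "web-tier", "GroupId": "sg-0web000000000000",
        "IpPermissionsEgress": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        ],
    },
]


def template_input(group: dict) -> dict:
    """Select the two attributes the template_input GraphQL above asks for."""
    return {"GroupName": group.get("GroupName"),
            "IpPermissionsEgress": group.get("IpPermissionsEgress") or []}


def evaluate(group: dict) -> Optional[str]:
    """Return 'REJECT *' exactly when the Nunjucks condition holds, else None."""
    sg = template_input(group)
    if sg["GroupName"] == "default" and len(sg["IpPermissionsEgress"]) > 0:
        return "REJECT *"
    return None


def find_noncompliant(groups: list) -> list:
    """GroupIds of default groups whose egress rules the policy would reject."""
    return [g["GroupId"] for g in groups if evaluate(g) == "REJECT *"]
```

Note that a freshly created VPC's default group ships with an allow-all egress rule, so it fails this check until that rule is removed.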