Policy Settings
The Enforce Unapproved Traffic is Blocked for AWS VPC Security Groups policy pack has 2 policy settings:
| Policy | Setting | Note |
|---|---|---|
| AWS > VPC > Security Group > Ingress Rules > Approved | Check: Approved | |
| AWS > VPC > Security Group > Ingress Rules > Approved > Rules | # Allow ports 22,443,3389 from individual IP addresses (bitmask = 32) APPROVE $.turbot.fromPort:=22 $.turbot.toPort:=22 $.turbot.bitmaskLength:>=32 APPROVE $.turbot.fromPort:=443 $.turbot.toPort:=443 $.turbot.bitmaskLength:>=32 APPROVE $.turbot.fromPort:=3389 $.turbot.toPort:=3389 $.turbot.bitmaskLength:>=32 # List of CIDRs (RFC 1918) that are approved for use APPROVE $.turbot.cidr:<=10.0.0.0/8 APPROVE $.turbot.cidr:<=172.16.0.0/12 APPROVE $.turbot.cidr:<=192.168.0.0/16 # Reject unmatched rules REJECT * |