Class: Terracop::Cop::Aws::OpenSsh

Inherits:
SecurityGroupRuleCop
Defined in:
lib/terracop/cop/aws/open_ssh.rb

Overview

This cop warns against an ingress rule from 0.0.0.0/0 on port 22 (SSH). That is a Very Bad Idea™.

Examples:

# bad
resource "aws_security_group_rule" "ingress" {
  type        = "ingress"
  cidr_blocks = ["0.0.0.0/0"]
  # Notice this port range includes 22
  from_port   = 10
  to_port     = 30
}

# good
resource "aws_security_group_rule" "ingress" {
  type        = "ingress"
  cidr_blocks = ["1.2.3.4/32"]
  from_port   = 22
  to_port     = 22
}

Instance Attribute Summary

Attributes inherited from Base

#attributes, #index, #name, #offenses, #type

Instance Method Summary

Methods inherited from Base

config, cop_name, #human_name, #initialize, #offense, run

Constructor Details

This class inherits a constructor from Terracop::Cop::Base

Instance Method Details

#check ⇒ Object

# File 'lib/terracop/cop/aws/open_ssh.rb', line 31

def check
  return unless ingress? && any_ip? && tcp? && port?(22)

  offense('Do not leave port 22 (SSH) open to the world.', :security)
end
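
The logic behind `#check`, as an added stand-alone Ruby example (not Terracop's own code): the predicate names match the call above, but their bodies, the `OpenSshCheck` struct, `flagged_rules` and the sample rules are assumptions constructed for illustration. It goes beyond the page's two examples by also treating `::/0` and protocol `-1` as open to the world.

```ruby
# Added example: predicate names mirror #check; the bodies are assumptions, not Terracop source.
ANY_IP = ['0.0.0.0/0', '::/0'].freeze

OpenSshCheck = Struct.new(:attributes) do
  def ingress?
    attributes['type'] == 'ingress'
  end

  # True when any IPv4 or IPv6 source block covers the whole internet.
  def any_ip?
    blocks = Array(attributes['cidr_blocks']) + Array(attributes['ipv6_cidr_blocks'])
    blocks.any? { |cidr| ANY_IP.include?(cidr) }
  end

  # "-1" and "all" mean every protocol, which includes TCP.
  def all_protocols?
    %w[-1 all].include?(attributes['protocol'].to_s)
  end

  def tcp?
    all_protocols? || %w[tcp 6].include?(attributes['protocol'].to_s)
  end

  # Range test, so 10..30 is caught as well as an exact 22..22.
  def port?(port)
    return true if all_protocols? # AWS ignores the port range for protocol -1
    (attributes['from_port'].to_i..attributes['to_port'].to_i).cover?(port)
  end

  def offense?
    ingress? && any_ip? && tcp? && port?(22)
  end
end

# Constructed sample rules: parsed Terraform attributes as plain hashes.
RULES = {
  'wide_range' => { 'type' => 'ingress', 'protocol' => 'tcp', 'cidr_blocks' => ['0.0.0.0/0'], 'from_port' => 10, 'to_port' => 30 },
  'pinned_ip' => { 'type' => 'ingress', 'protocol' => 'tcp', 'cidr_blocks' => ['1.2.3.4/32'], 'from_port' => 22, 'to_port' => 22 },
  'all_protocols_v6' => { 'type' => 'ingress', 'protocol' => '-1', 'ipv6_cidr_blocks' => ['::/0'], 'from_port' => 0, 'to_port' => 0 },
  'https_only' => { 'type' => 'ingress', 'protocol' => 'tcp', 'cidr_blocks' => ['0.0.0.0/0'], 'from_port' => 443, 'to_port' => 443 },
  'egress_ssh' => { 'type' => 'egress', 'protocol' => 'tcp', 'cidr_blocks' => ['0.0.0.0/0'], 'from_port' => 22, 'to_port' => 22 }
}.freeze

def flagged_rules(rules = RULES)
  rules.select { |_name, attrs| OpenSshCheck.new(attrs).offense? }.keys
end
```

`flagged_rules` returns the names of the sample rules that would raise the offense; the `all_protocols_v6` case shows why a check that only compares `from_port`/`to_port` against 22 misses rules that open every port.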