Versions Compared


Severity : MediumLow

Description: This control ensures that the security groups for the VPC have traffic rules configured with non-overlapping source or destination CIDRs. When a security group is edited to restrict its rules, it can happen that the old, wider CIDR rules are not removed. This grants unintended access to resources from network addresses that are not allowed to reach them. Following the AWS Well-Architected Framework guidelines and security best practices to prevent malicious access to resources, the rule with the wider CIDR must be removed.
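The following is an added example (not part of this control's own implementation) showing how the overlap the control describes can be detected: it flags any rule whose CIDR is a strict superset of another rule's CIDR for the same protocol and an overlapping port range. The rule list is a constructed sample whose field names are an assumption, loosely shaped like the IpPermissions entries returned by describe-security-groups.

```python
import ipaddress

# Constructed sample of inbound rules (field names are an assumption, not the
# AWS API shape). The /8 and 0.0.0.0/0 rules are the stale wider rules that a
# narrowing edit to 10.1.2.0/24 left behind.
SAMPLE_RULES = [
    {"protocol": "tcp", "from_port": 22, "to_port": 22, "cidr": "0.0.0.0/0"},
    {"protocol": "tcp", "from_port": 22, "to_port": 22, "cidr": "10.0.0.0/8"},
    {"protocol": "tcp", "from_port": 22, "to_port": 22, "cidr": "10.1.2.0/24"},
    {"protocol": "tcp", "from_port": 443, "to_port": 443, "cidr": "203.0.113.0/24"},
    {"protocol": "tcp", "from_port": 443, "to_port": 443, "cidr": "198.51.100.0/24"},
]


def _ports_overlap(a, b):
    # Two port ranges overlap when neither ends before the other starts.
    return a["from_port"] <= b["to_port"] and b["from_port"] <= a["to_port"]


def find_shadowing_rules(rules):
    """Return (wider_cidr, narrower_cidr) pairs where the wider rule's CIDR is a
    strict superset of the narrower rule's CIDR, for the same protocol and an
    overlapping port range. The narrower rule is the intended restriction; the
    wider one still grants the unintended access the control describes."""
    findings = []
    for wide in rules:
        wide_net = ipaddress.ip_network(wide["cidr"], strict=False)
        for narrow in rules:
            if wide is narrow or wide["protocol"] != narrow["protocol"]:
                continue
            if not _ports_overlap(wide, narrow):
                continue
            narrow_net = ipaddress.ip_network(narrow["cidr"], strict=False)
            # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
            if (wide_net.version == narrow_net.version
                    and narrow_net != wide_net
                    and narrow_net.subnet_of(wide_net)):
                findings.append((wide["cidr"], narrow["cidr"]))
    return findings


def wider_cidrs_to_review(rules):
    """Distinct wider CIDRs that shadow a narrower rule; these are the
    candidates for removal under this control."""
    return sorted({wide for wide, _ in find_shadowing_rules(rules)})


if __name__ == "__main__":
    for wide, narrow in find_shadowing_rules(SAMPLE_RULES):
        print(f"rule {wide} shadows narrower rule {narrow}")
```

Identical CIDRs on overlapping ports are not reported, since neither is wider; only the strict-superset case the control targets is flagged.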

...