Inbound Traffic Is Allowed on SSH Ports Only

Rule Details

Application Scenarios

Port 22 is the default port for Secure Shell (SSH) and is used for remote login and server management.

0.0.0.0/0 indicates all IPv4 addresses, and ::/0 indicates all IPv6 addresses. Restricting access to port 22 from any IP address can significantly reduce the exposure of your server and the possibility of being scanned and attacked.

Solution

Modify a security group rule.

Rule Logic

• If a security group does not allow all IPv4 and IPv6 traffic (with the source address set to 0.0.0.0/0 or ::/0) to the TCP port 22, this security group is compliant.
• If a security group allows all IPv4 and IPv6 traffic (with the source address set to 0.0.0.0/0 or ::/0) to the TCP port 22, this security group is non-compliant.

• If the source address of a security group rule is a security group, the traffic from the source security group will not be checked and is trusted.
• If the source address of a security group rule is an IP address group, the IP addresses configured for the IP address group will not be checked, because the IP address group cannot contain all IP addresses.
• A security group typically contains multiple rules, and these rules follow a certain order to take effect. For details, see How Traffic Matches Security Group Rules. This Config rule bypasses all Deny rules in security groups, and only focuses on the traffic that you may allow.