Instances Exposing Public SSH

This bot identifies instances with security groups that have SSH (port 22) open to the world, i.e., 0.0.0.0/0. As an instance can reside in multiple security groups, this bot automates the examination of all attached security groups to discover public access in any one. This bot works with Amazon Web Services (AWS) and OpenStack only.

Recommended Action

Notify the instance owner of its exposure to confirm the requirement. If not required, examine the non-compliant instance and delete the offending resource access list SSH rule in its dependencies.

Severity

High

Resource Types Inspected

Instance

Reactive Hookpoints

None