Not every Security Group rule has a description

Description

Descriptions can be up to 255 characters long and can be set and viewed from the AWS Management Console, AWS Command Line Interface (CLI), and the AWS APIs.

We recommend that you add descriptive text to each of your Security Group rules stating what the rule is for; this helps prevent developer errors, such as leaving an unneeded rule in place because nobody remembers why it was added.

Fix - Runtime

AWS Console

  1. Log in to the AWS Management Console at https://console.aws.amazon.com/.
  2. Open the Amazon VPC console.
  3. Select Security Groups.
  4. Select Create Security Group.
  5. Select a Security Group and review all of the descriptions.
  6. To modify the rules and descriptions, click Edit.
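Reviewing descriptions by hand in the console does not scale past a handful of groups. The following is an added example, not part of the original page or of Checkov's own code: it walks the structure returned by the EC2 `DescribeSecurityGroups` API (the shape `boto3`'s `describe_security_groups()` returns) and reports every ingress or egress rule entry whose `Description` is absent or blank. Note that on the API side the description is attached to each individual range, group pair or prefix list entry, not to the enclosing permission, so the check has to look at all four entry lists. The sample response, group ids and CIDRs below are constructed placeholders.

```python
"""Find security group rule entries that have no description.

Added example; not the page's or Checkov's own code. Works on the dict
structure returned by the EC2 DescribeSecurityGroups API, e.g.
    boto3.client("ec2").describe_security_groups()
The SAMPLE_RESPONSE below is constructed for the demonstration.
"""

# Each IpPermission holds its rule entries in these four lists; the optional
# Description lives on each entry, not on the permission itself.
RULE_LISTS = ("IpRanges", "Ipv6Ranges", "UserIdGroupPairs", "PrefixListIds")

# Key that identifies the target of an entry in each list.
RULE_TARGET_KEYS = {
    "IpRanges": "CidrIp",
    "Ipv6Ranges": "CidrIpv6",
    "UserIdGroupPairs": "GroupId",
    "PrefixListIds": "PrefixListId",
}


def iter_rule_entries(group, direction):
    """Yield (protocol, from_port, to_port, target, description) for every
    rule entry in the group's ingress or egress permissions."""
    key = "IpPermissions" if direction == "ingress" else "IpPermissionsEgress"
    for perm in group.get(key, []):
        proto = perm.get("IpProtocol")
        from_port = perm.get("FromPort")  # absent when protocol is "-1" (all traffic)
        to_port = perm.get("ToPort")
        for list_name in RULE_LISTS:
            for entry in perm.get(list_name, []):
                target = entry.get(RULE_TARGET_KEYS[list_name])
                yield proto, from_port, to_port, target, entry.get("Description", "")


def find_undescribed_rules(describe_response):
    """Return one finding dict per rule entry whose Description is missing or
    only whitespace, in the order the API listed them."""
    findings = []
    for group in describe_response.get("SecurityGroups", []):
        for direction in ("ingress", "egress"):
            for proto, from_port, to_port, target, desc in iter_rule_entries(group, direction):
                if not desc or not desc.strip():
                    findings.append({
                        "GroupId": group.get("GroupId"),
                        "GroupName": group.get("GroupName"),
                        "Direction": direction,
                        "IpProtocol": proto,
                        "FromPort": from_port,
                        "ToPort": to_port,
                        "Target": target,
                    })
    return findings


def format_finding(f):
    """Render a finding as a single report line."""
    ports = "all" if f["FromPort"] is None else f"{f['FromPort']}-{f['ToPort']}"
    return (f"{f['GroupId']} ({f['GroupName']}) {f['Direction']} "
            f"{f['IpProtocol']} {ports} -> {f['Target']}: no description")


# Constructed sample: one group with a described rule, a rule with no
# Description key, a blank-description group pair, and an undescribed egress rule.
SAMPLE_RESPONSE = {
    "SecurityGroups": [{
        "GroupId": "sg-0123456789abcdef0",  # placeholder id
        "GroupName": "examplea",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
             "IpRanges": [
                 {"CidrIp": "10.0.0.0/16", "Description": "HTTP from the VPC CIDR"},
                 {"CidrIp": "10.1.0.0/16"},
             ],
             "Ipv6Ranges": [], "UserIdGroupPairs": [], "PrefixListIds": []},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [], "Ipv6Ranges": [], "PrefixListIds": [],
             "UserIdGroupPairs": [
                 {"GroupId": "sg-0fedcba9876543210", "UserId": "123456789012",
                  "Description": "   "},
             ]},
        ],
        "IpPermissionsEgress": [
            {"IpProtocol": "-1",
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
             "Ipv6Ranges": [], "UserIdGroupPairs": [], "PrefixListIds": []},
        ],
    }]
}

if __name__ == "__main__":
    for finding in find_undescribed_rules(SAMPLE_RESPONSE):
        print(format_finding(finding))
```

Run against a real account by replacing `SAMPLE_RESPONSE` with the output of `describe_security_groups()` (paginate for large accounts); the three findings from the sample are the undescribed `10.1.0.0/16` ingress entry, the blank-description group pair, and the all-traffic egress rule.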

Fix - Buildtime

Terraform

Add a description to your ingress or egress rule.

aws_security_group.examplea.tf

```terraform
resource "aws_security_group" "examplea" {
  name        = var.es_domain
  description = "Allow inbound traffic to ElasticSearch from VPC CIDR"
  vpc_id      = var.vpc

  ingress {
    cidr_blocks = ["10.0.0.0/16"]
    description = "What does this rule enable" # the line to add: a per-rule description
    from_port   = 80
    protocol    = "tcp"
    to_port     = 80
  }
}
```