turbot/alicloud_insights

Query: ecs_security_unrestricted_ingress_count

Usage

powerpipe query alicloud_insights.query.ecs_security_unrestricted_ingress_count

SQL

with ingress_sg as (
select
distinct arn
from
alicloud_ecs_security_group,
jsonb_array_elements(permissions) as p
where
p ->> 'Policy' = 'Accept' and p ->> 'IpProtocol' <> 'ICMP'
and p ->> 'Direction' = 'ingress'
and p ->> 'SourceCidrIp' = '0.0.0.0/0'
and (
p ->> 'PortRange' in ('-1/-1', '1/65535')
)
)
select
'Unrestricted Ingress (Excludes ICMP)' as label,
count(*) as value,
case
when count(*) = 0 then 'ok'
else 'alert'
end as type
from
ingress_sg

Dashboards

The query is used in the dashboards: