Control: Network ACL should not allow unrestricted RDP port 3389 access
Description
This control checks whether the Network ACL allows unrestricted ingress on RDP port 3389.
Usage
Run the control in your terminal:
powerpipe control run terraform_aws_compliance.control.vpc_network_acl_allow_rdp_port_3389_ingress

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run terraform_aws_compliance.control.vpc_network_acl_allow_rdp_port_3389_ingress --share

SQL
This control uses a named query:
with rules as (
  select distinct
    address as name
  from
    terraform_resource,
    -- Terraform emits a single ingress block as an object and several as an
    -- array; normalise both shapes to an array before unnesting.
    jsonb_array_elements(
      case jsonb_typeof(attributes_std -> 'ingress')
        when 'array' then (attributes_std -> 'ingress')
        else jsonb_build_array(attributes_std -> 'ingress')
      end
    ) as ingress
  where
    type = 'aws_network_acl'
    and ingress is not null
    -- source is the whole IPv4 or IPv6 internet
    and (
      ingress ->> 'cidr_block' = '0.0.0.0/0'
      or ingress ->> 'ipv6_cidr_block' = '::/0'
    )
    and ingress ->> 'action' = 'allow'
    -- all protocols, or a port range that contains 3389
    and (
      ingress ->> 'protocol' = '-1'
      or (
        (ingress ->> 'from_port') :: integer <= 3389
        and (ingress ->> 'to_port') :: integer >= 3389
      )
    )
)
select
  r.address as resource,
  case
    when g.name is null then 'ok'
    else 'alarm'
  end as status,
  split_part(r.address, '.', 2) || case
    when g.name is null then ' restricts RDP access from the internet through port 3389'
    else ' allows RDP access from the internet through port 3389'
  end || '.' as reason,
  path || ':' || start_line
from
  terraform_resource as r
  left join rules as g on g.name = r.address
where
  type = 'aws_network_acl';
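To make the predicate the query applies concrete, the following Python re-implements the same rule evaluation over a handful of constructed Terraform resource records (single-object versus array ingress, a protocol -1 catch-all, a wide port range, a deny rule, and a corporate-CIDR-only rule). This is an added example, not code from the terraform_aws_compliance mod; the resource dicts, the function names and the sample addresses are all assumptions chosen to mirror the columns the query reads (address, type, attributes_std).

```python
# Added example: a Python mirror of the predicate used by the
# vpc_network_acl_allow_rdp_port_3389_ingress control, run over constructed
# Terraform resource records. Not part of the terraform_aws_compliance mod.

RDP_PORT = 3389


def _as_list(value):
    """Terraform emits one ingress block as an object and several as an
    array; mirror the query's jsonb_build_array normalisation."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def rule_allows_rdp_from_internet(rule: dict) -> bool:
    """True when a single ingress rule admits TCP/3389 from any source."""
    from_anywhere = (rule.get("cidr_block") == "0.0.0.0/0"
                     or rule.get("ipv6_cidr_block") == "::/0")
    if not from_anywhere or rule.get("action") != "allow":
        return False
    if str(rule.get("protocol")) == "-1":      # all protocols: ports are ignored
        return True
    try:
        from_port = int(rule["from_port"])
        to_port = int(rule["to_port"])
    except (KeyError, TypeError, ValueError):   # malformed range: cannot match
        return False
    return from_port <= RDP_PORT <= to_port     # range must contain 3389


def evaluate_network_acl(resource: dict) -> dict:
    """Produce the same resource/status/reason triple the control emits."""
    ingress = _as_list(resource["attributes_std"].get("ingress"))
    offending = [r for r in ingress if rule_allows_rdp_from_internet(r)]
    name = resource["address"].split(".", 1)[1]   # split_part(address, '.', 2)
    verb = " allows" if offending else " restricts"
    return {
        "resource": resource["address"],
        "status": "alarm" if offending else "ok",
        "reason": name + verb + " RDP access from the internet through port 3389.",
        "offending_rules": offending,
    }


# Constructed sample rows shaped like terraform_resource for aws_network_acl.
SAMPLE_RESOURCES = [
    {"address": "aws_network_acl.open_rdp", "type": "aws_network_acl",
     "attributes_std": {"ingress": {  # single block arrives as an object
         "rule_no": 100, "protocol": "tcp", "action": "allow",
         "cidr_block": "0.0.0.0/0", "from_port": 3389, "to_port": 3389}}},
    {"address": "aws_network_acl.wide_range", "type": "aws_network_acl",
     "attributes_std": {"ingress": [{  # IPv6 any-source, range covers 3389
         "rule_no": 100, "protocol": "tcp", "action": "allow",
         "ipv6_cidr_block": "::/0", "from_port": 1024, "to_port": 65535}]}},
    {"address": "aws_network_acl.all_traffic", "type": "aws_network_acl",
     "attributes_std": {"ingress": [{  # protocol -1 ignores the port fields
         "rule_no": 100, "protocol": "-1", "action": "allow",
         "cidr_block": "0.0.0.0/0", "from_port": 0, "to_port": 0}]}},
    {"address": "aws_network_acl.corp_only", "type": "aws_network_acl",
     "attributes_std": {"ingress": [{  # same port, but not from the internet
         "rule_no": 100, "protocol": "tcp", "action": "allow",
         "cidr_block": "10.0.0.0/8", "from_port": 3389, "to_port": 3389}]}},
    {"address": "aws_network_acl.deny_rule", "type": "aws_network_acl",
     "attributes_std": {"ingress": [{  # explicit deny is not an exposure
         "rule_no": 100, "protocol": "tcp", "action": "deny",
         "cidr_block": "0.0.0.0/0", "from_port": 3389, "to_port": 3389}]}},
    {"address": "aws_network_acl.http_only", "type": "aws_network_acl",
     "attributes_std": {"ingress": [{  # open to the world, but 3389 not in range
         "rule_no": 100, "protocol": "tcp", "action": "allow",
         "cidr_block": "0.0.0.0/0", "from_port": 80, "to_port": 80}]}},
    {"address": "aws_network_acl.no_rules", "type": "aws_network_acl",
     "attributes_std": {}},
]


def run_control(resources=SAMPLE_RESOURCES) -> dict:
    """Map each aws_network_acl address to its control status."""
    return {r["address"]: evaluate_network_acl(r)["status"]
            for r in resources if r["type"] == "aws_network_acl"}


if __name__ == "__main__":
    for address, status in run_control().items():
        print(f"{status:5}  {address}")
```

The port test is a containment check (from_port <= 3389 <= to_port), so a rule opening 1024-65535 to ::/0 is flagged while an 80-80 rule to 0.0.0.0/0 is not; the protocol -1 branch short-circuits before the ports are inspected, matching how a catch-all ACL entry behaves.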