v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/terraform_oci_compliance
Overview
8Dashboards
30Controls
30Queries
2Variables
GitHub

Control: Ensure the Network default security list of every VCN restricts all traffic except ICMP

Description

A default security list is created when a Virtual Cloud Network (VCN) is created. Security lists provide stateful filtering of ingress and egress network traffic to OCI resources. It is recommended no security list allows unrestricted ingress access to Secure Shell (SSH) via port 22.

Usage

Run the control in your terminal:

powerpipe control run terraform_oci_compliance.control.vcn_default_security_group_allow_icmp_only

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run terraform_oci_compliance.control.vcn_default_security_group_allow_icmp_only --share

SQL

This control uses a named query:

vcn_default_security_group_allow_icmp_only

Tags

category = Compliance
cis = true
plugin = terraform
service = OCI/VCN