Metadata

Id: 8d7758a7-d9cd-499a-a83e-c9bdcbff728d

Cloud Provider: Nifcloud

Platform: Terraform

Severity: High

Category: Networking and Firewall

Description

An ingress rule in a nifcloud_nas_security_group resource allows traffic from a /0 CIDR range. This permits access from the entire Internet and is overly permissive. Set cidr_ip to a more restrictive CIDR range to limit the allowed sources.

Compliant Code Examples

resource "nifcloud_nas_security_group" "negative" {
  group_name        = "nasgroup001"
  availability_zone = "east-11"

  rule {
    cidr_ip = "10.0.0.0/16"
  }
}

Non-Compliant Code Examples

resource "nifcloud_nas_security_group" "positive" {
  group_name        = "nasgroup001"
  availability_zone = "east-11"

  rule {
    cidr_ip = "0.0.0.0/0"
  }
}
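
The check described above can be reproduced locally before a plan is applied. The following Python sketch is an added example, not the rule's own implementation: it scans Terraform text for nifcloud_nas_security_group resources and reports every cidr_ip whose prefix length is 0. It assumes literal string values and uses regex and brace counting instead of a full HCL parser; the function names and the "masked" resource are hypothetical.

```python
import ipaddress
import re

# Constructed sample: trimmed copies of the page's two resources plus one
# constructed resource ("masked") whose host bits hide a /0 prefix.
SAMPLE_TF = '''
resource "nifcloud_nas_security_group" "negative" {
  rule {
    cidr_ip = "10.0.0.0/16"
  }
}
resource "nifcloud_nas_security_group" "positive" {
  rule {
    cidr_ip = "0.0.0.0/0"
  }
}
resource "nifcloud_nas_security_group" "masked" {
  rule {
    cidr_ip = "10.1.2.3/0"
  }
}
'''

RESOURCE_RE = re.compile(r'resource\s+"nifcloud_nas_security_group"\s+"([^"]+)"\s*\{')
CIDR_RE = re.compile(r'cidr_ip\s*=\s*"([^"]+)"')

def resource_body(text, start):
    """Return the text from `start` (just past the opening brace) to its matching close."""
    depth, i = 1, start
    while i < len(text) and depth:
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[start:i - 1]

def is_open_to_internet(cidr):
    """True when the prefix length is 0, whatever the address part says."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False  # variables or interpolations cannot be judged statically

def find_open_nas_groups(tf_text):
    """Return (resource_name, cidr_ip) for every rule that is open to any source."""
    findings = []
    for m in RESOURCE_RE.finditer(tf_text):
        for cidr in CIDR_RE.findall(resource_body(tf_text, m.end())):
            if is_open_to_internet(cidr):
                findings.append((m.group(1), cidr))
    return findings
```

Normalizing with `strict=False` is what catches "10.1.2.3/0": a plain string comparison against "0.0.0.0/0" would miss it even though it matches every IPv4 source.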