Skip to main content

Unrestricted ingress traffic leave assets exposed to remote attacks

  • GG_ID: GG_IAC_0005
  • Severity: HIGH
  • Complexity: HIGH
  • Categories: NETWORK
  • Providers: AWS
  • Potential data exposure: True
  • Visible in logs: False
  • User interaction required: False
  • Privileges required: False


A security group has open ingress. This means that the assets in this security group are exposed to the whole web.


Having open ingress means anyone can try and connect to the asset.

  • If credentials are required to establish a connection, it still leaves open the possibility to bruteforce the credentials, or perform Denial of Service attacks.
  • If no credentials are required, or credentials have been acquired by an attacker, then the asset is fully compromised.

Remediation guidelines#

Identify which remote ips need to connect to the asset, and implement the adequate CIDR rules. Note that assets that share the same security group can always access each other.

External documentation#