Description
No open SSH
Status: PASS
Policy File: no-open-sg.md
Workspace: View in System Initiative
Date: 2025-10-21T16:47:04.383Z
Full Report: View in Artifacts
No open SSH
Date: 2025-10-21T16:47:04Z
Policy
SSH cannot be open from the world.
Tags
- networking
- security
Test Results
Result: Pass
All infrastructure components comply with the SSH access policy. None of the 5 security groups examined have SSH (port 22) exposed to the internet (0.0.0.0/0). All ingress rules either use non-SSH ports or restrict access to specific security groups.
Source Data
System Initiative
all-vpc
| Component | Protocol | From Port | To Port | Source CIDR | Source Security Group |
|---|---|---|---|---|---|
| AWS::EC2::SecurityGroup tonys-chips-api-sg | | | | | |
| AWS::EC2::SecurityGroup sandbox-tonys-chips-alb-sg | | | | | |
| AWS::EC2::SecurityGroup sandbox-default-security-group | | | | | |
| AWS::EC2::SecurityGroup sandbox-tonys-chips-api-sg-v2 | | | | | |
| AWS::EC2::SecurityGroup sandbox-tonys-chips-rds-sg | | | | | |
Column Selection Reasoning: To evaluate SSH exposure, we must examine the ingress rules of each security group. The critical attributes are: the protocol (must be 'tcp'), the port range (must include port 22 for SSH), and the source (CidrIp of 0.0.0.0/0 indicates internet exposure, while SourceSecurityGroupId indicates restricted access). These five columns collectively determine whether SSH is exposed to the world.
About this issue
This issue was automatically generated by the policy checker workflow. When the workflow runs again for this policy, this issue will be closed and a new one will be created with updated results.