{ "Categories": [ "cat1", "cat2" ], "CheckID": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22", "CheckTitle": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.", "CheckType": "Data Protection", "Compliance": [ { "Control": [ "4.1" ], "Framework": "CIS-AWS", "Group": [ "level2" ], "Version": "1.4" } ], "DependsOn": [ "othercheck1", "othercheck2" ], "Description": "Extended Description", "Notes": "additional information", "Provider": "aws", "RelatedTo": [ "othercheck3", "othercheck4" ], "RelatedUrl": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html", "Remediation": { "Code": { "CLI": "cli command or URL to the cli command location.", "NativeIaC": "code or URL to the code location.", "Other": "cli command or URL to the cli command location.", "Terraform": "code or URL to the code location." }, "Recommendation": { "Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-security-best-practices.html" } }, "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id", "ResourceType": "AwsEc2SecurityGroup", "Risk": "If security groups are not properly configured, the attack surface is increased.", "ServiceName": "ec2", "Severity": "low", "SubServiceName": "securitygroup" }