cloudbot_name: sg_single_rule_delete

What it does: Deletes a single rule on a security group Usage: sg_single_rule_delete split=<true|false> protocol=<TCP|UDP> scope=<a.b.c.d/e> direction=<inbound|outbound> port=

Example: sg_single_rule_delete split=false protocol=TCP scope=0.0.0.0/0 direction=inbound port=22 Sample GSL: SecurityGroup should not have inboundRules with [scope = '0.0.0.0/0' and port<=22 and portTo>=22]

Conditions and caveats: Deleting a single rule on a security group can be difficult because the problematic port can be nested within a wider range of ports. If SSH is open because a SG has all of TCP open, do you want to delete the whole rule or would you break up the SG into the same scope but port 0-21 and a second rule for 23-end of TCP port range? Currently the way this is being addressed is using the 'split' parameter. If it's set as false, CloudBots will only look for the specific port in question. If it's nested within a larger port scope, it'll be skipped. If you set split to true, then the whole rule that the problematic port is nested in will be removed and 2 split rules will be added in its place (ex: if port 1-30 is open and you want to remove SSH, the new rules will be for port 1-21 and port 23-30).

If you want to delete a rule that is open on ALL ports: Put Port 0 as the port to be deleted and the bot will remove the rule. If you want to delete a rule that is open to ALL : Put protocol=ALL and the bot will remove the open rule that configured with ALL as protocol If you want to delete a rule that is open no matter to the configured protocol Put protocol=* and the bot will remove the open rule
Set Split to True sg_single_rule_delete split=true protocol=TCP scope=8.8.8.8/32 direction=inbound port=0

Limitations: IPv6 is not supported