Rule purpose: Check whether the port range value is set to All when rules involving all network segments are configured.
Compliance evaluation logic: When the security group has set rules covering all network segments (0.0.0.0/0 or ::/0), the port range value cannot be set to ALL. If no such rules are set, the port range value can be ALL. The evaluation result is "compliant" if the above conditions are met.
Rule Identifier: cvm-sg-no-remote-access
Risk Level: High
Applicable Resource Type: QCS::VPC::SecurityGroup
Rule trigger type: Configuration change
Keyword: Security Group
Rule parameter: None