Ensure that your Amazon EC2 default security groups restrict all inbound public traffic, so that AWS users (administrators, resource managers, etc.) are required to create custom security groups that exercise the Principle of Least Privilege (POLP) instead of relying on the default security groups.
This rule can help you with the following compliance standards:
- CISAWSF
- PCI
- APRA
- MAS
- NIST4
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Because many AWS users attach the default security group to their Amazon EC2 instances during the launch process, any default security group configured to allow unrestricted inbound access increases the opportunity for malicious activity such as unauthorized access, Denial-of-Service attacks, or brute-force attacks.
Audit
To determine if your default security groups allow public inbound traffic, perform the following operations:
Remediation / Resolution
To follow security best practices and replace the non-compliant default security group with a custom security group, perform the following operations:
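As an added example (not part of this rule page, whose audit and remediation steps are not shown here), the audit check applied to the JSON that `aws ec2 describe-security-groups` returns, run over constructed sample output, together with the matching `revoke-security-group-ingress` calls for each open rule. The group, VPC and account IDs in the sample are placeholders.

```python
import json

# Constructed sample of `aws ec2 describe-security-groups --output json` (not real account data):
# a default group open to the world on 22/tcp and on all IPv6 traffic, a default group that only
# allows traffic from itself (as AWS ships it), and a custom group with a public rule.
SAMPLE_OUTPUT = json.dumps({"SecurityGroups": [
    {"GroupId": "sg-0aaaa", "GroupName": "default", "VpcId": "vpc-0001", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "Ipv6Ranges": [], "UserIdGroupPairs": [],
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0bbbb", "GroupName": "default", "VpcId": "vpc-0002", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0bbbb", "UserId": "123456789012"}]}]},
    {"GroupId": "sg-0cccc", "GroupName": "web-custom", "VpcId": "vpc-0001", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "Ipv6Ranges": [], "UserIdGroupPairs": [],
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}]})

PUBLIC_CIDRS = {"0.0.0.0/0", "::/0"}


def public_part(perm):
    """Return a copy of one IpPermissions entry keeping only its public ranges, or None."""
    v4 = [r for r in perm.get("IpRanges", []) if r.get("CidrIp") in PUBLIC_CIDRS]
    v6 = [r for r in perm.get("Ipv6Ranges", []) if r.get("CidrIpv6") in PUBLIC_CIDRS]
    if not (v4 or v6):
        return None
    open_rule = {"IpProtocol": perm["IpProtocol"], **({"IpRanges": v4} if v4 else {}), **({"Ipv6Ranges": v6} if v6 else {})}
    if perm["IpProtocol"] != "-1":  # "-1" means all protocols and carries no port range
        open_rule.update(FromPort=perm["FromPort"], ToPort=perm["ToPort"])
    return open_rule


def unrestricted_default_groups(describe_output_json):
    """Audit: map each group named 'default' that admits inbound traffic from anywhere to the
    public subset of its rules. Custom groups are outside the scope of this rule."""
    findings = {}
    for group in json.loads(describe_output_json)["SecurityGroups"]:
        if group["GroupName"] != "default":
            continue
        open_rules = [r for r in map(public_part, group.get("IpPermissions", [])) if r]
        if open_rules:
            findings[group["GroupId"]] = open_rules
    return findings


def revoke_commands(findings):
    """Remediation: one revoke-security-group-ingress call per open rule, which leaves any
    non-public range in the same rule (10.0.0.0/8 above) untouched."""
    return [f"aws ec2 revoke-security-group-ingress --group-id {sg} --ip-permissions '{json.dumps([rule])}'"
            for sg, rules in findings.items() for rule in rules]
```

Running `revoke_commands(unrestricted_default_groups(SAMPLE_OUTPUT))` yields two commands for sg-0aaaa and none for the self-referencing default group or the custom group.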
References
- AWS Documentation
  - Amazon EC2 Security Groups for Linux Instances
  - Control traffic to resources using security groups
- AWS Command Line Interface (CLI) Documentation
  - ec2
    - describe-security-groups
    - create-security-group
    - authorize-security-group-ingress
    - revoke-security-group-ingress
    - modify-instance-attribute
- CloudFormation Documentation
  - Amazon Elastic Compute Cloud resource type reference
- Terraform Documentation
  - AWS Provider
Rule: Default Security Group Unrestricted
Risk Level: Low