Ensure that the Amazon EC2 instances provisioned in your AWS cloud account are not associated with the default security groups created alongside your VPCs, so that instances use custom, unique security groups that follow the Principle of Least Privilege.
This rule can help you with the following compliance standards:
- APRA
- MAS
- NIST4
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
When an Amazon EC2 instance is launched without specifying a custom security group, the default security group is automatically assigned to the EC2 instance. Because many instances are launched this way, a default security group that is configured to allow unrestricted access increases the opportunity for malicious activity such as hacking, brute-force attacks, or Denial-of-Service (DoS) attacks.
Audit
To determine if there are Amazon EC2 instances associated with the default security groups, perform the following actions:
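One way to run this check over saved `aws ec2 describe-instances --output json` output, as an added example that is not Conformity's own audit procedure. The function name `default_sg_findings`, the sample data and every ID in it are constructed for illustration.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-instances --output json`.
# Every ID is made up for illustration.
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaa", "VpcId": "vpc-01", "State": {"Name": "running"},
   "SecurityGroups": [{"GroupName": "default", "GroupId": "sg-0d01"}],
   "NetworkInterfaces": [{"NetworkInterfaceId": "eni-0a1",
     "Groups": [{"GroupName": "default", "GroupId": "sg-0d01"}]}]},
  {"InstanceId": "i-0bbb", "VpcId": "vpc-01", "State": {"Name": "running"},
   "SecurityGroups": [{"GroupName": "web-tier", "GroupId": "sg-0c01"}],
   "NetworkInterfaces": [
     {"NetworkInterfaceId": "eni-0b1",
      "Groups": [{"GroupName": "web-tier", "GroupId": "sg-0c01"}]},
     {"NetworkInterfaceId": "eni-0b2",
      "Groups": [{"GroupName": "default", "GroupId": "sg-0d01"}]}]},
  {"InstanceId": "i-0ccc", "VpcId": "vpc-02", "State": {"Name": "stopped"},
   "SecurityGroups": [{"GroupName": "db-tier", "GroupId": "sg-0c02"}],
   "NetworkInterfaces": [{"NetworkInterfaceId": "eni-0c1",
     "Groups": [{"GroupName": "db-tier", "GroupId": "sg-0c02"}]}]},
  {"InstanceId": "i-0ddd", "State": {"Name": "terminated"},
   "SecurityGroups": [], "NetworkInterfaces": []}
]}]}
""")


def default_sg_findings(doc, default_name="default"):
    """List instances that have a group named `default_name` on any interface."""
    findings = []
    for reservation in doc.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") == "terminated":
                continue  # nothing left to remediate on a terminated instance
            # Check the instance-level list and every ENI (assumption in the sample:
            # a secondary interface can hold the default group on its own).
            attached = [("instance", g) for g in inst.get("SecurityGroups", [])]
            for eni in inst.get("NetworkInterfaces", []):
                attached += [(eni["NetworkInterfaceId"], g) for g in eni.get("Groups", [])]
            hits = [(where, g["GroupId"]) for where, g in attached
                    if g.get("GroupName") == default_name]
            if hits:
                findings.append({
                    "instance_id": inst["InstanceId"],
                    "vpc_id": inst.get("VpcId"),
                    "group_ids": sorted({gid for _, gid in hits}),
                    "attached_at": sorted({where for where, _ in hits}),
                })
    return findings
```

Each finding names the instance, its VPC, the default group ID and the interfaces where it is attached, which is the information needed to swap in a custom group during remediation.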
Remediation / Resolution
To follow AWS cloud security best practices, implement the Principle of Least Privilege (POLP) by replacing the associated default security group with a custom security group. To run the remediation process, perform the following actions:
References
- AWS Documentation
- Amazon EC2 Security Groups for Linux Instances
- Security Groups for Your VPC
- AWS Command Line Interface (CLI) Documentation
- ec2
- describe-instances
- describe-security-groups
- create-security-group
- authorize-security-group-ingress
- authorize-security-group-egress
- modify-instance-attribute
- CloudFormation Documentation
- Amazon Elastic Compute Cloud resource type reference
- Terraform Documentation
- AWS Provider
You are auditing:
Default Security Groups In Use
Risk Level: Medium