Determine if there is a large number of Amazon EC2 security groups available within your AWS cloud account and reduce their number by removing any unnecessary or obsolete security groups. To maintain optimal access security at the instance level, Trend Cloud One™ – Conformity recommends two threshold values of 50 (Large) and 100 (Excessive) for the maximum number of security groups available per AWS region. You can also adjust the threshold based on your requirements.
This rule can help you with the following compliance standards:
- APRA
- MAS
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Using a large number of Amazon EC2 security groups can increase opportunities for malicious activities because creating and managing multiple security groups can increase the risk of accidentally allowing unrestricted access.
Note: The default threshold for the maximum number of security groups per AWS region used by this conformity rule is 100 (Excessive).
Audit
To determine if there are more than 100 Amazon EC2 security groups available within an AWS cloud region, perform the following operations:
Remediation / Resolution
To remove any unnecessary or obsolete Amazon EC2 security groups from your AWS cloud account, perform the following operations:
Note: If you attempt to delete an Amazon EC2 security group that is associated with an instance, or is referenced by another security group, the delete operation fails.References
- AWS Documentation
- Amazon EC2 security groups for Linux instances
- Work with security groups
- AWS Command Line Interface (CLI) Documentation
- ec2
- describe-security-groups
- delete-security-group