Cloud Conformity’s Head of Security — How to fix AWS Security Group Unrestricted SSH Access from the Internet to EC2 Instance

One of the most common AWS misconfigurations we see is EC2 instances built with port 22 (SSH) open to the public internet. This easily overlooked setting exposes your resources to the constant internet-wide scans that look specifically for servers with port 22 open. Once a scan finds one, brute-force attacks on the username and password follow, and recovering from a compromised instance is incredibly difficult.

Following the AWS Well-Architected Framework, the best way to secure your system is to apply least privilege when deciding access levels: open only the ports needed for communication, harden the operating system, and disable unnecessary tools and permissive configurations. If access needs to change later, grant it case by case, which keeps it manageable, and return the settings to their default state once the work is complete.
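As an added example (not Cloud Conformity's own code or rule logic), the following Python covers both the misconfiguration described above and the least-privilege fix: it detects security group rules that let the whole internet reach port 22 in the data shape returned by the EC2 DescribeSecurityGroups API, then builds the change that revokes only the world-open source ranges and re-authorizes SSH from a single administrative CIDR. The group IDs, names and the 203.0.113.0/24 admin network in the sample are constructed, and the `apply_remediation` helper assumes a boto3 EC2 client and is the only part that touches AWS.

```python
"""Find security groups that expose SSH (TCP/22) to the internet and build the
least-privilege fix. Operates on the structure returned by EC2
DescribeSecurityGroups (boto3: describe_security_groups()["SecurityGroups"]),
so the logic runs offline on constructed data and can then be pointed at a
real account through the optional boto3 helper at the bottom."""
from typing import Dict, List, Tuple

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}   # IPv4 and IPv6 "anywhere"
SSH_PORT = 22


def rule_exposes_ssh(perm: Dict) -> bool:
    """True if a single IpPermission lets the whole internet reach port 22.

    Handles the two shapes that matter: an explicit TCP port range that
    contains 22 (22-22, 0-65535, 20-25, ...) and protocol "-1" (all traffic),
    which has no port fields at all and covers every port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        covers_ssh = True
    elif proto == "tcp":
        covers_ssh = perm.get("FromPort", 0) <= SSH_PORT <= perm.get("ToPort", 65535)
    else:
        return False                         # udp/icmp rules cannot carry SSH
    if not covers_ssh:
        return False
    sources = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    sources += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    return any(cidr in WORLD_CIDRS for cidr in sources)


def find_unrestricted_ssh(security_groups: List[Dict]) -> List[Dict]:
    """One finding per offending (group, rule) pair, in input order."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            if rule_exposes_ssh(perm):
                findings.append({"GroupId": sg["GroupId"],
                                 "GroupName": sg.get("GroupName"),
                                 "IpPermission": perm})
    return findings


def remediation_permissions(perm: Dict, admin_cidr: str) -> Tuple[Dict, Dict]:
    """Return (revoke, authorize) IpPermissions entries.

    The revoke entry copies only the protocol/port keys and lists only the
    world-open sources, so private CIDRs, security-group references and prefix
    lists already on the rule are left alone. The authorize entry re-adds SSH
    from a single administrative network."""
    revoke = {k: perm[k] for k in ("IpProtocol", "FromPort", "ToPort") if k in perm}
    revoke["IpRanges"] = [r for r in perm.get("IpRanges", [])
                          if r.get("CidrIp") in WORLD_CIDRS]
    revoke["Ipv6Ranges"] = [r for r in perm.get("Ipv6Ranges", [])
                            if r.get("CidrIpv6") in WORLD_CIDRS]
    authorize = {"IpProtocol": "tcp", "FromPort": SSH_PORT, "ToPort": SSH_PORT,
                 "IpRanges": [{"CidrIp": admin_cidr,
                               "Description": "SSH from admin network only"}]}
    return revoke, authorize


def apply_remediation(ec2, group_id: str, perm: Dict, admin_cidr: str) -> None:
    """Apply the fix with a boto3 EC2 client (ec2 = boto3.client("ec2")).
    Assumes credentials allowed to modify security groups; not run offline."""
    revoke, authorize = remediation_permissions(perm, admin_cidr)
    ec2.revoke_security_group_ingress(GroupId=group_id, IpPermissions=[revoke])
    ec2.authorize_security_group_ingress(GroupId=group_id, IpPermissions=[authorize])


# Constructed sample in DescribeSecurityGroups shape; IDs and CIDRs are made up.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0123456789abcdef0", "GroupName": "web-open", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},          # HTTPS: fine
    ]},
    {"GroupId": "sg-0fedcba9876543210", "GroupName": "all-traffic", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
    {"GroupId": "sg-0000000000000abcd", "GroupName": "bastion-restricted", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},     # already scoped
    ]},
]

if __name__ == "__main__":
    for f in find_unrestricted_ssh(SAMPLE_GROUPS):
        revoke, authorize = remediation_permissions(f["IpPermission"], "203.0.113.0/24")
        print(f["GroupId"], f["GroupName"], "-> revoke", revoke, "authorize", authorize)
```

Two points worth noting. A rule with protocol `-1` or a port range such as 0-65535 from `0.0.0.0/0` exposes far more than SSH, and the revoke entry removes that world-open source for the whole range, which is the least-privilege outcome rather than a port-22-only patch. The revoke deliberately omits `UserIdGroupPairs` and `PrefixListIds`, so an instance that legitimately accepts SSH from a bastion's security group keeps that path.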

When you open the AWS console and review the offending security group, you will find something like this:

Cloud Conformity includes this rule so you can monitor how secure your EC2 security groups are and see how to remediate any violations. The video at the top of this page walks you through this function.