Ensure that the EC2 instances provisioned in your AWS account are not associated with the default security groups created alongside your VPCs, in order to enforce the use of custom, unique security groups that exercise the principle of least privilege.
When an EC2 instance is launched without specifying a custom security group, the VPC's default security group is automatically assigned to the instance. Because many instances are launched this way, if the default security group is configured to allow unrestricted access, it can increase opportunities for malicious activity such as hacking, brute-force attacks or even denial-of-service (DoS) attacks.
To determine if you have any provisioned EC2 instances associated with default security groups, perform the following:
To adhere to the principle of least privilege and replace the associated default security groups with custom security groups, perform the following:
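The following script is an added example, not part of the original rule page, covering both the audit step and the remediation step above. It parses output in the shape of `aws ec2 describe-instances --output json` (a constructed sample is embedded), flags every instance with a VPC default security group attached (the default group is always named `default`), and builds the `aws ec2 modify-instance-attribute --groups` command that replaces the group set; the replacement group id `sg-REPLACEME` is a placeholder and must be a custom group in the same VPC.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-instances` output,
# trimmed to the fields this check needs. Not real account data.
SAMPLE_DESCRIBE_INSTANCES = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaa111111111111a", "State": {"Name": "running"},
   "SecurityGroups": [{"GroupId": "sg-0123456789abcdef0", "GroupName": "default"}]},
  {"InstanceId": "i-0bbb222222222222b", "State": {"Name": "running"},
   "SecurityGroups": [{"GroupId": "sg-0fedcba987654321f", "GroupName": "web-tier-sg"}]},
  {"InstanceId": "i-0ccc333333333333c", "State": {"Name": "stopped"},
   "SecurityGroups": [{"GroupId": "sg-0fedcba987654321f", "GroupName": "web-tier-sg"},
                      {"GroupId": "sg-0123456789abcdef0", "GroupName": "default"}]}
]}]}
""")


def instances_using_default_sg(describe_output):
    """Audit: map each instance that has a VPC default security group attached
    to the list of its remaining (non-default) security group ids."""
    findings = {}
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            groups = inst.get("SecurityGroups", [])
            # A VPC default security group is always named "default".
            if any(g.get("GroupName") == "default" for g in groups):
                findings[inst["InstanceId"]] = [
                    g["GroupId"] for g in groups if g.get("GroupName") != "default"
                ]
    return findings


def remediation_commands(findings, replacement_sg):
    """Remediation: `modify-instance-attribute --groups` replaces the whole
    group set, so keep the instance's custom groups and drop "default"; an
    instance that had only the default group gets replacement_sg instead."""
    cmds = []
    for instance_id, custom_groups in sorted(findings.items()):
        new_groups = custom_groups or [replacement_sg]
        cmds.append(
            "aws ec2 modify-instance-attribute --instance-id %s --groups %s"
            % (instance_id, " ".join(new_groups))
        )
    return cmds


if __name__ == "__main__":
    found = instances_using_default_sg(SAMPLE_DESCRIBE_INSTANCES)
    for instance_id, keep in sorted(found.items()):
        print("default SG attached:", instance_id, "custom groups kept:", keep)
    for cmd in remediation_commands(found, "sg-REPLACEME"):  # placeholder id
        print(cmd)
```

Review each generated command before running it: swapping groups takes effect immediately, so the replacement group must already allow the instance's legitimate traffic.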