Check your EC2 security groups for inbound rules that allow access from IP address ranges specified in RFC-1918 (i.e. 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16) and restrict access to only those private IP addresses that require it in order to implement the principle of least privilege (as promoted by AWS security best practices).
Using RFC-1918 CIDRs within your EC2 security groups to allow an entire private network to access EC2 instances is overly permissive access control, so the security group access configuration does not adhere to security best practices.
To determine whether any EC2 security groups in your AWS account contain RFC-1918 CIDRs, perform the following:
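One way to script this check, as an added example that is not part of the original page: it scans the `SecurityGroups` list returned by `aws ec2 describe-security-groups --output json` and reports inbound rules whose source is an entire RFC-1918 block. The function name, the sample group IDs and the sample rules are constructed for illustration.

```python
import ipaddress

# The three private blocks defined by RFC 1918, as listed above.
RFC1918_BLOCKS = {ipaddress.ip_network(c) for c in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")}

def find_rfc1918_ingress(security_groups):
    """Return one finding per inbound rule whose source is a whole RFC 1918 block.

    `security_groups` is the "SecurityGroups" list from
    `aws ec2 describe-security-groups --output json`.
    """
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            for rng in perm.get("IpRanges", []):
                try:
                    net = ipaddress.ip_network(rng["CidrIp"], strict=False)
                except (KeyError, ValueError):
                    continue  # malformed or missing CIDR: nothing to evaluate
                if net in RFC1918_BLOCKS:
                    findings.append({
                        "GroupId": sg["GroupId"],
                        "CidrIp": str(net),
                        "IpProtocol": perm.get("IpProtocol"),
                        # FromPort/ToPort are absent when IpProtocol is "-1"
                        "FromPort": perm.get("FromPort"),
                        "ToPort": perm.get("ToPort"),
                    })
    return findings

# Constructed sample input (not real account data).
SAMPLE = [
    {"GroupId": "sg-0example0000000a", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.20.30.40/32"}]},
    ]},
    {"GroupId": "sg-0example0000000b", "IpPermissions": [
        {"IpProtocol": "-1",
         "IpRanges": [{"CidrIp": "192.168.0.0/16"}, {"CidrIp": "172.16.5.0/24"}]},
    ]},
]

if __name__ == "__main__":
    for finding in find_rfc1918_ingress(SAMPLE):
        print(finding)
```

Narrower private sources such as `10.20.30.40/32` or `172.16.5.0/24` are not reported, since they already restrict access to specific addresses or subnets.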
To update the inbound/ingress configuration for the EC2 security groups with RFC-1918 CIDRs in order to restrict access to specific IP addresses or security groups, perform the following: