Check your EC2 security groups for inbound rules that allow unrestricted access (i.e. 0.0.0.0/0 or ::/0) to TCP port 27017, and restrict access to only those IP addresses that require it, in order to implement the principle of least privilege and reduce the possibility of a breach. TCP port 27017 is used by the MongoDB database, which is a free and open-source, cross-platform, document-oriented NoSQL database.
Allowing unrestricted MongoDB Database access can increase opportunities for malicious activity such as hacking, denial-of-service (DoS) attacks and loss of data.
To determine if your EC2 security groups allow unrestricted MongoDB Database access, perform the following:
To update your security groups' inbound/ingress configuration in order to restrict MongoDB Database access to specific entities (IP addresses, IP ranges, etc.), perform the following: