Ensure that all Application Load Balancers (ALBs) available in your AWS account are associated with valid and secure security groups that restrict access only to the ports defined within the load balancers listeners configuration.
Having well-configured security groups attached to your ELBv2 load balancers can reduce substantially the risk of data loss and unauthorized access. Also, the security groups must be valid, because when a load balancer is created without specifying a security group, the ALB/NLB is automatically associated with the VPC’s default security group, which is considered invalid.
Case A: To determine if your ELBv2 load balancers are using insecure and invalid security groups, perform the following actions:
To replace any invalid/insecure security group associated with your Amazon ELBv2 load balancers, perform the following: