Ensure there is an EC2 security group created and configured for the app tier that grants inbound access only from the app-tier ELB security group on explicit ports, in order to secure access to the EC2 instances running within the tier. This conformity rule assumes that all AWS resources (including security groups) created within your app tier are tagged with <app_tier_tag>:<app_tier_tag_value>, where <app_tier_tag> represents the tag name and <app_tier_tag_value> represents the tag value. Before the Cloud Conformity engine runs this rule, the app-tier tags must be configured in the rule settings on your Cloud Conformity account dashboard.
A security group works as a virtual firewall that controls the traffic for your EC2 instances. To protect the instances within your app tier from unauthorized access, a dedicated security group must be created and configured with inbound rules that allow traffic only for specific application protocols and ports, referencing the security group associated with the app-tier ELB as the source rather than a CIDR range.
Note: Make sure that you replace all <app_tier_tag>:<app_tier_tag_value> tag placeholders found in the conformity rule content with your own tag name and value created for the app tier.
To determine if there is an AWS EC2 security group created and configured particularly for the app tier, perform the following:
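The check below is an added example, not part of the Cloud Conformity rule page or its engine: it evaluates security groups in the shape returned by `aws ec2 describe-security-groups` (here constructed inline) and reports every inbound rule that does not grant an explicit allowed port from the app-tier ELB security group. The tag name/value, the ELB group ID and the allowed port set are placeholders for your own rule settings.

```python
# Constructed rule settings; the real tag name/value and ELB group ID come from your account.
APP_TIER_TAG = ("app_tier_tag", "app_tier_tag_value")  # placeholder for <app_tier_tag>:<app_tier_tag_value>
ELB_SG_ID = "sg-0elbplaceholder"                        # placeholder app-tier ELB security group ID
ALLOWED_PORTS = {8080}                                  # explicit application ports the rule permits

def has_tag(sg, key, value):
    """True when the security group carries the app-tier tag."""
    return any(t.get("Key") == key and t.get("Value") == value for t in sg.get("Tags", []))

def evaluate_sg(sg, elb_sg_id, allowed_ports):
    """Findings for one group in describe-security-groups shape; an empty list means compliant."""
    findings, references_elb = [], False
    for perm in sg.get("IpPermissions", []):
        proto, lo, hi = perm.get("IpProtocol"), perm.get("FromPort"), perm.get("ToPort")
        if proto == "-1":
            findings.append("inbound rule allows all protocols and ports")
            continue
        # A CIDR source bypasses the load balancer and exposes the instances directly.
        for r in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", []):
            findings.append(f"{proto}/{lo}-{hi} open to {r.get('CidrIp') or r.get('CidrIpv6')}, not the ELB group")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") != elb_sg_id:
                findings.append(f"{proto}/{lo}-{hi} allowed from non-ELB group {pair.get('GroupId')}")
            elif lo != hi or lo not in allowed_ports:
                findings.append(f"port range {lo}-{hi} from the ELB group is not an explicit allowed port")
            else:
                references_elb = True
    if not references_elb:
        findings.append("no inbound rule grants an allowed port from the app-tier ELB security group")
    return findings

def audit(security_groups, tag, elb_sg_id, allowed_ports):
    """Evaluate only the groups tagged for the app tier; returns {GroupId: findings}."""
    return {sg["GroupId"]: evaluate_sg(sg, elb_sg_id, allowed_ports)
            for sg in security_groups if has_tag(sg, *tag)}

# Constructed sample groups (not real resources) in the describe-security-groups output shape.
SAMPLE_GROUPS = [
    {"GroupId": "sg-app-good", "Tags": [{"Key": "app_tier_tag", "Value": "app_tier_tag_value"}],
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080, "IpRanges": [],
                        "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": ELB_SG_ID}]}]},
    {"GroupId": "sg-app-bad", "Tags": [{"Key": "app_tier_tag", "Value": "app_tier_tag_value"}],
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535, "Ipv6Ranges": [],
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-web-other", "Tags": [{"Key": "web_tier_tag", "Value": "x"}], "IpPermissions": []},
]
if __name__ == "__main__":
    for gid, issues in audit(SAMPLE_GROUPS, APP_TIER_TAG, ELB_SG_ID, ALLOWED_PORTS).items():
        print(gid, "COMPLIANT" if not issues else issues)
```

Groups without the app-tier tag are skipped, matching the rule's tag-based scoping; feed the function the `SecurityGroups` list from a real describe call to audit an account.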
Remediation / Resolution
To create a compliant EC2 security group and configure it to allow inbound traffic from the app-tier ELB security group on explicit ports, perform the following actions:
Rule: Create and Configure App-Tier Security Group
Risk level: Medium