Ensure that your AWS EC2 default security groups restrict all inbound public traffic, so that AWS users (EC2 administrators, resource managers, etc.) are forced to create custom security groups that follow the principle of least privilege instead of relying on the default security groups.
This rule can help you with the following compliance standards:
- The Center for Internet Security AWS Foundations Benchmark
- Payment Card Industry Data Security Standard (PCI DSS)
- APRA
- MAS
- NIST 800-53 (Rev. 4)
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Because many AWS users attach the default security group to their EC2 instances at launch, a default security group that allows unrestricted inbound access widens the attack surface of every instance that uses it and increases the opportunities for malicious activity such as unauthorized access, denial-of-service attacks and brute-force attacks against exposed services.
Audit
To determine if your EC2 default security groups allow public inbound traffic, perform the following:
Remediation / Resolution
To restrict public inbound traffic to your default security groups and use custom security groups instead of default ones for your EC2 instances, perform the following:
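The audit and remediation steps are not reproduced on this page, so the following is an added example, not Cloud Conformity's own tooling: a Python script that takes the JSON output of `aws ec2 describe-security-groups`, flags every inbound rule on a group named `default` that is open to 0.0.0.0/0 or ::/0, and prints the matching `aws ec2 revoke-security-group-ingress` command for each finding. The embedded sample output is constructed for the example; the account, VPC and group IDs are placeholders. The script only prints the revoke commands, it does not execute them.

```python
import json
import shlex
import sys

# Constructed sample of `aws ec2 describe-security-groups` output (not real account data;
# all IDs are placeholders). Group 1 has two public inbound rules, group 2 is clean,
# group 3 is a custom (non-default) group and is out of scope for this rule.
SAMPLE_DESCRIBE_OUTPUT = json.loads("""
{"SecurityGroups": [
  {"GroupName": "default", "GroupId": "sg-0aaa111122223333a", "VpcId": "vpc-0aaa111122223333a",
   "OwnerId": "123456789012", "Description": "default VPC security group",
   "IpPermissions": [
     {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [], "PrefixListIds": [],
      "UserIdGroupPairs": [{"GroupId": "sg-0aaa111122223333a", "UserId": "123456789012"}]},
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/8"}],
      "Ipv6Ranges": [], "PrefixListIds": [], "UserIdGroupPairs": []},
     {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
      "PrefixListIds": [], "UserIdGroupPairs": []}
   ]},
  {"GroupName": "default", "GroupId": "sg-0bbb111122223333b", "VpcId": "vpc-0bbb111122223333b",
   "OwnerId": "123456789012", "Description": "default VPC security group",
   "IpPermissions": [
     {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [], "PrefixListIds": [],
      "UserIdGroupPairs": [{"GroupId": "sg-0bbb111122223333b", "UserId": "123456789012"}]}
   ]},
  {"GroupName": "web-sg", "GroupId": "sg-0ccc111122223333c", "VpcId": "vpc-0aaa111122223333a",
   "OwnerId": "123456789012", "Description": "custom group, out of scope for this rule",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
      "Ipv6Ranges": [], "PrefixListIds": [], "UserIdGroupPairs": []}
   ]}
]}
""")

PUBLIC_V4 = "0.0.0.0/0"
PUBLIC_V6 = "::/0"


def public_ingress_rules(describe_output):
    """Return (GroupId, VpcId, IpPermission) for every inbound rule of a *default*
    security group that is open to the whole internet (0.0.0.0/0 or ::/0).
    Each returned IpPermission contains only the offending range(s), so revoking it
    leaves any other CIDRs in the same rule (e.g. 10.0.0.0/8 above) untouched.
    The self-referencing rule AWS creates in every default group is not public."""
    findings = []
    for sg in describe_output["SecurityGroups"]:
        if sg["GroupName"] != "default":
            continue
        for perm in sg.get("IpPermissions", []):
            v4 = [r for r in perm.get("IpRanges", []) if r.get("CidrIp") == PUBLIC_V4]
            v6 = [r for r in perm.get("Ipv6Ranges", []) if r.get("CidrIpv6") == PUBLIC_V6]
            if not (v4 or v6):
                continue
            offending = {"IpProtocol": perm["IpProtocol"]}
            # FromPort/ToPort are absent when IpProtocol is "-1" (all traffic)
            for key in ("FromPort", "ToPort"):
                if key in perm:
                    offending[key] = perm[key]
            if v4:
                offending["IpRanges"] = [{"CidrIp": PUBLIC_V4}]
            if v6:
                offending["Ipv6Ranges"] = [{"CidrIpv6": PUBLIC_V6}]
            findings.append((sg["GroupId"], sg["VpcId"], offending))
    return findings


def revoke_commands(findings):
    """Build one `aws ec2 revoke-security-group-ingress` command per finding.
    The --ip-permissions value is the IpPermission structure as JSON, quoted for a
    POSIX shell. Commands are returned as strings for review, nothing is executed."""
    cmds = []
    for group_id, _vpc_id, perm in findings:
        cmds.append(
            "aws ec2 revoke-security-group-ingress --group-id {} --ip-permissions {}".format(
                group_id, shlex.quote(json.dumps([perm], separators=(",", ":")))
            )
        )
    return cmds


if __name__ == "__main__":
    # Optional: pass a file containing real describe-security-groups JSON output.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = json.load(fh)
    else:
        data = SAMPLE_DESCRIBE_OUTPUT
    found = public_ingress_rules(data)
    for group_id, vpc_id, perm in found:
        print(f"NON-COMPLIANT {group_id} ({vpc_id}): {json.dumps(perm)}")
    for cmd in revoke_commands(found):
        print(cmd)
```

To audit a real account, capture the input per region with `aws ec2 describe-security-groups --filters Name=group-name,Values=default --region <region> > default-sgs.json` and pass the file to the script; the default group exists in every VPC and cannot be deleted, so remediation means removing its rules, not the group. After revoking, create a least-privilege replacement with `aws ec2 create-security-group` and `aws ec2 authorize-security-group-ingress`, then move each instance off the default group with `aws ec2 modify-instance-attribute --instance-id <id> --groups <new-sg-id>`, noting that `--groups` replaces the instance's full set of security groups rather than appending to it.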
References
- AWS Documentation
  - Amazon EC2 Security Groups for Linux Instances
  - Security Groups for Your VPC
- AWS Command Line Interface (CLI) Documentation
  - ec2
    - describe-security-groups
    - create-security-group
    - authorize-security-group-ingress
    - revoke-security-group-ingress
    - describe-instances
    - modify-instance-attribute
Rule: Default Security Group Unrestricted
Risk level: Low