Ensure that your AWS EC2 default security groups restrict all inbound public traffic, so that AWS users (EC2 administrators, resource managers, etc.) are required to create custom security groups that follow the principle of least privilege instead of relying on the default security groups.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Because many AWS users tend to attach the default security group to their EC2 instances during the launch process, any default security group configured to allow unrestricted inbound access widens the opportunity for malicious activity such as hacking, denial-of-service attacks or brute-force attacks.
To determine if your EC2 default security groups allow public inbound traffic, perform the following:
To restrict public inbound traffic to your default security groups and use custom security groups instead of default ones for your EC2 instances, perform the following:
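The audit and remediation procedures above can both be expressed as a small script over the output of `aws ec2 describe-security-groups`. The following is an added example, not part of this rule page or of the Cloud Conformity tool: it parses a constructed, trimmed sample of that JSON output (the group IDs, VPC IDs and rules are fictitious), flags every rule in a group named `default` that allows inbound traffic from `0.0.0.0/0` or `::/0`, and builds the `aws ec2 revoke-security-group-ingress` call that removes exactly that rule. The self-referencing "all traffic from this group" rule AWS creates in every default group, and rules scoped to private ranges, are left untouched.

```python
import json
from typing import Dict, List

# Constructed sample: a trimmed subset of what
#   aws ec2 describe-security-groups --filters Name=group-name,Values=default --output json
# returns. All identifiers below are made up for this example.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "SecurityGroups": [
        {
            "GroupName": "default",
            "GroupId": "sg-0000000000000aaaa",
            "VpcId": "vpc-0000000000000aaaa",
            "IpPermissions": [
                # The stock rule AWS creates: all traffic from members of the group itself.
                {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [],
                 "UserIdGroupPairs": [{"GroupId": "sg-0000000000000aaaa", "UserId": "123456789012"}]},
                # SSH opened to the whole Internet over both IPv4 and IPv6: the finding we want.
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                 "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []},
                # A rule limited to a private range: not public, left alone.
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                 "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
            ],
        },
        {
            "GroupName": "default",
            "GroupId": "sg-0000000000000bbbb",
            "VpcId": "vpc-0000000000000bbbb",
            "IpPermissions": [
                {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [],
                 "UserIdGroupPairs": [{"GroupId": "sg-0000000000000bbbb", "UserId": "123456789012"}]},
            ],
        },
    ]
})

PUBLIC_V4 = "0.0.0.0/0"
PUBLIC_V6 = "::/0"


def find_public_inbound(describe_json: str) -> List[Dict]:
    """Return one finding per (default group, rule, public CIDR) that admits inbound traffic from anywhere."""
    findings = []
    for sg in json.loads(describe_json)["SecurityGroups"]:
        if sg.get("GroupName") != "default":
            continue  # only the default groups are in scope for this rule
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", []) if r.get("CidrIp") == PUBLIC_V4]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []) if r.get("CidrIpv6") == PUBLIC_V6]
            for cidr in cidrs:
                findings.append({
                    "GroupId": sg["GroupId"],
                    "VpcId": sg.get("VpcId"),
                    "IpProtocol": perm["IpProtocol"],
                    "FromPort": perm.get("FromPort"),  # absent for protocol "-1" (all traffic)
                    "ToPort": perm.get("ToPort"),
                    "Cidr": cidr,
                })
    return findings


def revoke_command(finding: Dict) -> str:
    """Build the CLI call that revokes exactly the flagged rule, passing the permission as JSON
    so IPv4, IPv6 and all-protocol rules are all handled by the same code path."""
    perm = {"IpProtocol": finding["IpProtocol"]}
    if finding["FromPort"] is not None:
        perm["FromPort"] = finding["FromPort"]
        perm["ToPort"] = finding["ToPort"]
    if ":" in finding["Cidr"]:
        perm["Ipv6Ranges"] = [{"CidrIpv6": finding["Cidr"]}]
    else:
        perm["IpRanges"] = [{"CidrIp": finding["Cidr"]}]
    return "aws ec2 revoke-security-group-ingress --group-id %s --ip-permissions '%s'" % (
        finding["GroupId"], json.dumps([perm], separators=(",", ":")))


if __name__ == "__main__":
    for f in find_public_inbound(SAMPLE_DESCRIBE_OUTPUT):
        print("NON-COMPLIANT %s (%s): %s %s-%s from %s" % (
            f["GroupId"], f["VpcId"], f["IpProtocol"], f["FromPort"], f["ToPort"], f["Cidr"]))
        print("  remediate with:", revoke_command(f))
```

In real use, replace `SAMPLE_DESCRIBE_OUTPUT` with the actual `describe-security-groups` output for each region. Review the generated commands before running them: revoking rules from a default group affects every instance still attached to it, so move those instances to a least-privilege custom security group first, then revoke the public rules.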