Ensure that the EC2 instances provisioned in your AWS account are not associated with the default security groups created alongside your VPCs, in order to enforce the use of custom, purpose-specific security groups that follow the principle of least privilege.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
When an EC2 instance is launched without a custom security group specified, the VPC's default security group is automatically assigned to it. Because many instances are launched this way, a default security group that is configured to allow unrestricted access widens the attack surface of every instance attached to it, increasing the opportunity for malicious activity such as unauthorized access, brute-force attacks or denial-of-service (DoS) attacks.
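The audit the rule describes, as an added example that is not part of the Cloud Conformity tool: a small Python script that flags instances attached to a VPC default security group and raises the severity when that group also accepts ingress from anywhere. It operates on data shaped like the EC2 DescribeInstances and DescribeSecurityGroups responses, so it runs offline; the instance and group records below are constructed samples, and the names `find_default_sg_instances`, `is_unrestricted` and `report` are this example's own. To run it against a live account, replace the two `SAMPLE_*` lists with the `Reservations` and `SecurityGroups` fields returned by boto3's `describe_instances()` and `describe_security_groups()`.

```python
"""Audit EC2 instances for attachment to a VPC default security group.

Added example, not the Cloud Conformity tool's own code. The input mirrors
the shape of the EC2 DescribeInstances / DescribeSecurityGroups responses so
the check runs offline against the constructed samples below.
"""

# Constructed sample: the VPC default group (wide open) and one custom group.
SAMPLE_SECURITY_GROUPS = [
    {
        "GroupId": "sg-0default000000001",   # constructed id
        "GroupName": "default",              # AWS names every VPC default group "default"
        "VpcId": "vpc-0example0000000001",
        "IpPermissions": [
            {"IpProtocol": "-1",
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        ],
    },
    {
        "GroupId": "sg-0custom0000000002",   # constructed id
        "GroupName": "web-tier",
        "VpcId": "vpc-0example0000000001",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
        ],
    },
]

# Constructed sample: three instances, two of them using the default group.
SAMPLE_RESERVATIONS = [
    {"Instances": [
        {"InstanceId": "i-0aaaa", "State": {"Name": "running"},
         "SecurityGroups": [{"GroupId": "sg-0default000000001", "GroupName": "default"}]},
        {"InstanceId": "i-0bbbb", "State": {"Name": "running"},
         "SecurityGroups": [{"GroupId": "sg-0custom0000000002", "GroupName": "web-tier"}]},
        {"InstanceId": "i-0cccc", "State": {"Name": "stopped"},
         "SecurityGroups": [{"GroupId": "sg-0custom0000000002", "GroupName": "web-tier"},
                            {"GroupId": "sg-0default000000001", "GroupName": "default"}]},
    ]},
]

ANY_IPV4 = "0.0.0.0/0"
ANY_IPV6 = "::/0"


def default_group_ids(security_groups):
    """Return the ids of every VPC default security group in the listing."""
    return {sg["GroupId"] for sg in security_groups if sg["GroupName"] == "default"}


def is_unrestricted(sg):
    """True if any inbound rule of the group accepts traffic from any IPv4 or IPv6 source."""
    for perm in sg.get("IpPermissions", []):
        if any(r.get("CidrIp") == ANY_IPV4 for r in perm.get("IpRanges", [])):
            return True
        if any(r.get("CidrIpv6") == ANY_IPV6 for r in perm.get("Ipv6Ranges", [])):
            return True
    return False


def find_default_sg_instances(reservations, security_groups):
    """Map each offending instance id to the default group ids attached to it."""
    defaults = default_group_ids(security_groups)
    findings = {}
    for reservation in reservations:
        for inst in reservation["Instances"]:
            attached = [g["GroupId"] for g in inst.get("SecurityGroups", [])
                        if g["GroupId"] in defaults]
            if attached:   # stopped instances count too: the binding survives a restart
                findings[inst["InstanceId"]] = attached
    return findings


def report(reservations, security_groups):
    """One line per finding; HIGH when the default group also allows unrestricted ingress."""
    by_id = {sg["GroupId"]: sg for sg in security_groups}
    lines = []
    findings = find_default_sg_instances(reservations, security_groups)
    for instance_id, groups in sorted(findings.items()):
        for gid in groups:
            severity = "HIGH" if is_unrestricted(by_id[gid]) else "MEDIUM"
            lines.append(f"{severity}: {instance_id} uses default security group {gid}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_RESERVATIONS, SAMPLE_SECURITY_GROUPS):
        print(line)
```

The check keys on the group name rather than on rule contents because the default group of a VPC is always named `default` and cannot be renamed, so an instance bound to it is a finding even when its rules are currently tight; the rule contents only decide how urgent the remediation is.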
To determine if you have any provisioned EC2 instances associated with default security groups, perform the following:
To adhere to the principle of least privilege and replace the associated default security groups with custom security groups, perform the following: