Determine if there is a large number of security group rules assigned to an EC2 instance and reduce their number by removing any unnecessary or overlapping rules. To improve the instance network performance Cloud Conformity recommends a default value of 50 for the maximum number of inbound and outbound rules applied to an EC2 instance, however, this value is configurable so you can adjust it based on your requirements.
This rule can help you with the following compliance standards:
- APRA
- MAS
- NIST 800-53 (Rev. 4)
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
efficiency
Applying a large number of security group rules to an EC2 instance can impact its network performance and increase the latency when accessing the instance.
Note: The threshold for the maximum number of inbound and outbound rules combined set for this guide is 50 (recommended).
Audit
To determine if there are any EC2 instances with more than 50 inbound and outbound rules combined available in your AWS account, perform the following:
Remediation / Resolution
To remove any unnecessary or overlapping inbound and outbound rules from the security group(s) associated with your EC2 instances, perform the following:
References
- AWS Documentation
- Amazon EC2 Security Groups for Linux Instances
- AWS Command Line Interface (CLI) Documentation
- ec2
- describe-instances
- describe-security-groups
- revoke-security-group-ingress
- revoke-security-group-egress
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
for and
Get started for FREE
You are auditing:
EC2 Instance Security Group Rules Counts
Risk level: Low