Determine if there is a large number of EC2 security groups available within each AWS regions and reduce their number by removing any unnecessary or obsolete security groups. To maintain optimal access security at the instance level, Cloud Conformity recommends two threshold values of 50 (Large) and 100 (Excessive) for the maximum number of security groups available per region. Besides these two (default) values recommended, you have the capability to adjust the threshold based on your requirements.
This rule can help you with the following compliance standards:
- APRA
- MAS
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Using a large number of EC2 security groups can increase opportunities for malicious activity as creating and managing multiple security groups can increase the risk of accidentally allowing unrestricted access.
Note: The threshold for the maximum number of security groups per AWS region set for this guide is 50 (Large).
Audit
To determine if there are more than 50 EC2 security groups available within an AWS region, perform the following:
Remediation / Resolution
To remove any unnecessary or obsolete EC2 security groups from an AWS region, perform the following:
References
- AWS Documentation
- Amazon EC2 Security Groups for Linux Instances
- AWS Command Line Interface (CLI) Documentation
- ec2
- describe-security-groups
- delete-security-group
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Security Group Excessive Counts
Risk level: Medium