Ensure that all your EC2 security groups are using appropriate naming conventions for tagging in order to manage them more efficiently and adhere to AWS tagging best practices. A naming convention is a well-defined set of rules useful for choosing the name of an AWS resource. Cloud Conformity strongly recommends using the following pattern (default) for naming your security groups:
^security-group-(ue1|uw1|uw2|ew1|ec1|an1|an2|as1|as2|se1)-(d|t|s|p)-([a-z0-9\-]+)$. However, in case you need to create your custom naming pattern, the default one can be easily replaced within the rule settings available on Cloud Conformity console.
This rule can help you with the following compliance standards:
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Naming your AWS resources logically and consistently has several advantages such as providing additional information about the resource location and usage, promoting consistency within the selected environment, distinguishing fast similar resources from one another, avoiding naming collisions, improving clarity in cases of potential ambiguity and enhancing the aesthetic and professional appearance.
(ue1|uw1|uw2|ew1|ec1|an1|an2|as1|as2|se1)for us-east-1, us-west-1, us-west-2, eu-west-1, eu-central-1, ap-northeast-1, ap-northeast-2, ap-southeast-1, ap-southeast-2, sa-east-1.
(d|t|s|p)for development, test, staging, production.
([a-z0-9\-]+)for applications (e.g. nodejs, mongo) running on the instances associated with the selected security groups.
To verify the naming conventions used for tagging your existing security groups, perform the following:
To implement appropriate naming conventions for your existing security groups based on the default pattern (i.e. ^security-group-(ue1|uw1|uw2|ew1|ec1|an1|an2|as1|as2|se1)-(d|t|s|p)-([a-z0-9\\-]+)$), perform the following: