Ensure that no EC2 instance in your AWS account is associated with a security group whose name is prefixed with "launch-wizard", so that instances use purpose-built security groups that follow the principle of least privilege.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
When an EC2 instance is launched from the AWS console launch wizard and the wizard is allowed to create a new security group, that group is named "launch-wizard-N" (the number increments per account and region). The problem is the rule set it ships with: the wizard proposes an inbound rule allowing SSH (TCP port 22) from any IPv4 address (0.0.0.0/0) for Linux AMIs, or RDP (TCP port 3389) from anywhere for Windows AMIs, and that rule is rarely tightened afterwards. Because many instances are launched this way, the management port is exposed to the entire internet, inviting port scanning, credential brute-force attempts and Denial-of-Service (DoS) traffic. Note that the name prefix is a heuristic: a "launch-wizard" group whose rules were later restricted is still flagged, and a custom-named group that also allows port 22 from 0.0.0.0/0 is not caught by this rule, so review the actual ingress rules as well as the group name.
To determine if you have any EC2 instances associated with security groups prefixed with "launch-wizard", perform the following:
To adhere to the principle of least privilege, replace the associated security groups prefixed with "launch-wizard" with secure, well-configured security groups by performing the following:
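The audit and the replacement described in the two procedures above, as an added example written for this page (it is not Cloud Conformity's own tooling and not the console or CLI steps the page refers to). The pure functions work on the dict shapes boto3's describe_instances() and describe_security_groups() return, so they run offline against the constructed sample data embedded below; only apply_remediation() calls AWS. It assumes a hardened replacement group already exists in the same VPC as the flagged instances (its ID is passed in; hardened_ssh_ingress() gives the rule you would authorize on it, using the documentation range 203.0.113.0/24 as a stand-in for your administrative network) and that the caller has boto3 and ec2:Describe*/ec2:ModifyNetworkInterfaceAttribute permissions.

```python
"""Audit EC2 instances for security groups named launch-wizard-* and plan their
replacement. Added example for this page; not Cloud Conformity's own tooling.
The pure functions operate on the dict shapes that boto3's describe_instances()
and describe_security_groups() return, so they run offline against the constructed
sample below; only apply_remediation() talks to AWS."""

LAUNCH_WIZARD_PREFIX = "launch-wizard"

# Constructed sample in the shape of describe_instances()["Reservations"]; IDs are made up.
SAMPLE_RESERVATIONS = [
    {"Instances": [
        {"InstanceId": "i-0aaa111",  # only group is a launch-wizard one
         "SecurityGroups": [{"GroupId": "sg-0aaa", "GroupName": "launch-wizard-1"}],
         "NetworkInterfaces": [{"NetworkInterfaceId": "eni-0aaa",
                                "Groups": [{"GroupId": "sg-0aaa", "GroupName": "launch-wizard-1"}]}]},
        {"InstanceId": "i-0bbb222",  # custom group plus a leftover launch-wizard one
         "SecurityGroups": [{"GroupId": "sg-0bbb", "GroupName": "web-tier"},
                            {"GroupId": "sg-0ccc", "GroupName": "launch-wizard-7"}],
         "NetworkInterfaces": [{"NetworkInterfaceId": "eni-0bbb",
                                "Groups": [{"GroupId": "sg-0bbb", "GroupName": "web-tier"},
                                           {"GroupId": "sg-0ccc", "GroupName": "launch-wizard-7"}]}]},
        {"InstanceId": "i-0ddd333",  # compliant
         "SecurityGroups": [{"GroupId": "sg-0bbb", "GroupName": "web-tier"}],
         "NetworkInterfaces": [{"NetworkInterfaceId": "eni-0ddd",
                                "Groups": [{"GroupId": "sg-0bbb", "GroupName": "web-tier"}]}]},
    ]},
]


def is_launch_wizard(group):
    """Match on GroupName, which is what the rule keys on (group IDs carry no hint)."""
    return group["GroupName"].startswith(LAUNCH_WIZARD_PREFIX)


def find_launch_wizard_instances(reservations):
    """Return {instance_id: [offending group names]} for every non-compliant instance."""
    findings = {}
    for reservation in reservations:
        for inst in reservation["Instances"]:
            bad = [g["GroupName"] for g in inst.get("SecurityGroups", []) if is_launch_wizard(g)]
            if bad:
                findings[inst["InstanceId"]] = bad
    return findings


def plan_replacement(groups, hardened_group_id):
    """Group IDs to set on one network interface: keep custom groups, drop the
    launch-wizard ones, attach the hardened group. An ENI must keep at least one
    group; appending the hardened group guarantees that even when launch-wizard
    was the only group attached."""
    keep = [g["GroupId"] for g in groups if not is_launch_wizard(g)]
    if hardened_group_id not in keep:
        keep.append(hardened_group_id)
    return keep


def is_open_ssh(permission):
    """True if an IpPermissions entry (describe_security_groups shape) exposes TCP/22
    to the whole internet. Protocol "-1" carries no ports and means all traffic."""
    if permission.get("IpProtocol") not in ("tcp", "-1"):
        return False
    covers_22 = permission.get("FromPort", 0) <= 22 <= permission.get("ToPort", 65535)
    any_v4 = any(r.get("CidrIp") == "0.0.0.0/0" for r in permission.get("IpRanges", []))
    any_v6 = any(r.get("CidrIpv6") == "::/0" for r in permission.get("Ipv6Ranges", []))
    return covers_22 and (any_v4 or any_v6)


def hardened_ssh_ingress(admin_cidr):
    """IpPermissions for authorize_security_group_ingress(): SSH only from admin_cidr
    (admin_cidr is an assumption; use your real bastion or VPN range)."""
    return [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": admin_cidr, "Description": "SSH from admin network only"}]}]


def apply_remediation(region, hardened_group_id, dry_run=True):
    """Swap launch-wizard groups for hardened_group_id on every ENI of every flagged
    instance. hardened_group_id is assumed to exist already in the instances' VPC.
    Requires boto3 and AWS credentials; with dry_run=True only the plan is printed."""
    import boto3  # imported lazily so the offline helpers above need no SDK

    ec2 = boto3.client("ec2", region_name=region)
    pages = ec2.get_paginator("describe_instances").paginate()
    reservations = pages.build_full_result()["Reservations"]
    findings = find_launch_wizard_instances(reservations)
    for reservation in reservations:
        for inst in reservation["Instances"]:
            if inst["InstanceId"] not in findings:
                continue
            for eni in inst["NetworkInterfaces"]:  # every ENI, not only the primary one
                new_groups = plan_replacement(eni["Groups"], hardened_group_id)
                print(inst["InstanceId"], eni["NetworkInterfaceId"], "->", new_groups)
                if not dry_run:
                    ec2.modify_network_interface_attribute(
                        NetworkInterfaceId=eni["NetworkInterfaceId"], Groups=new_groups)
    return findings


if __name__ == "__main__":
    print(find_launch_wizard_instances(SAMPLE_RESERVATIONS))
```

The swap is done per network interface with modify_network_interface_attribute rather than with modify_instance_attribute(Groups=...), because the latter only touches the primary interface and would leave a launch-wizard group on any secondary ENI. Delete the orphaned "launch-wizard-N" groups only after confirming nothing else (another instance, an ENI, or a rule in a different group) still references them.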