Determine if there is a large number of inbound and outbound rules defined within your AWS EC2 security groups and reduce their number by removing any unnecessary or overlapping rules. To improve performance and efficiency Cloud Conformity recommends a default value of 50 for the maximum number of rules assigned to a security group, however, this value is configurable so you can adjust it based on your requirements.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Defining a large number of rules for a security group can increase the latency and impact the performance of the EC2 instances associated with the security group.
Note: The threshold for the maximum number of inbound and outbound rules set for this guide is 50 (recommended).
To determine if there are any EC2 security groups with more than 50 inbound and outbound rules defined, perform the following:
To remove any unnecessary or overlapping inbound/outbound rules from your EC2 security groups, perform the following: