Ensure that your AWS EC2 default security groups restrict all inbound public traffic, so that AWS users (EC2 administrators, resource managers, etc.) are required to create custom security groups that follow the principle of least privilege instead of using the default security groups.
This rule can help you with the following compliance standards:
- The Center for Internet Security AWS Foundations Benchmark
- Payment Card Industry Data Security Standard (PCI DSS)
- NIST 800-53 (Rev. 4)
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Many AWS users attach the default security group to their EC2 instances at launch time, so a default security group that allows unrestricted inbound access exposes those instances directly to the internet and increases opportunities for malicious activity such as unauthorized access, denial-of-service attacks or brute-force attacks. Public inbound traffic here means inbound rules whose source is a public range such as 0.0.0.0/0 or ::/0; the self-referencing rule that AWS places in the default security group of a new VPC only admits traffic from members of the same group and is not public.
To determine if your EC2 default security groups allow public inbound traffic, perform the following:
Remediation / Resolution
To restrict public inbound traffic to your default security groups and use custom security groups instead of default ones for your EC2 instances, perform the following:
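The audit and remediation described above, as an added example that is not part of the Conformity page or its tooling: a Python script that takes the JSON output of `aws ec2 describe-security-groups --filters Name=group-name,Values=default`, flags default security groups that have inbound rules sourced from 0.0.0.0/0 or ::/0, and builds the `aws ec2 revoke-security-group-ingress` command that removes exactly those rule entries. The sample response, group IDs, VPC IDs and account number embedded below are constructed; the function names are this example's own.

```python
import json

# Sources that make an inbound rule "public": any IPv4 or any IPv6 address.
PUBLIC_SOURCES = {"0.0.0.0/0", "::/0"}


def public_inbound_rules(group):
    """Return the inbound permissions of one security group that admit traffic
    from a public source, narrowed to just the offending ranges.

    Self-referencing entries (UserIdGroupPairs) are ignored: the default group
    that AWS creates with a VPC carries one of those, and it is not public.
    """
    hits = []
    for perm in group.get("IpPermissions", []):
        v4 = [r["CidrIp"] for r in perm.get("IpRanges", [])
              if r.get("CidrIp") in PUBLIC_SOURCES]
        v6 = [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])
              if r.get("CidrIpv6") in PUBLIC_SOURCES]
        if not (v4 or v6):
            continue
        # Rebuild the permission with only the public ranges so that the
        # revoke call removes exactly those entries and leaves the rest alone.
        narrowed = {"IpProtocol": perm["IpProtocol"]}
        for key in ("FromPort", "ToPort"):  # absent when IpProtocol is "-1" (all)
            if key in perm:
                narrowed[key] = perm[key]
        if v4:
            narrowed["IpRanges"] = [{"CidrIp": c} for c in v4]
        if v6:
            narrowed["Ipv6Ranges"] = [{"CidrIpv6": c} for c in v6]
        hits.append(narrowed)
    return hits


def audit_default_groups(response):
    """Map GroupId -> public inbound permissions, for groups named 'default'.

    Custom groups are skipped even when they are open: that is a different
    finding, not this rule.
    """
    findings = {}
    for group in response.get("SecurityGroups", []):
        if group.get("GroupName") != "default":
            continue
        bad = public_inbound_rules(group)
        if bad:
            findings[group["GroupId"]] = bad
    return findings


def revoke_commands(findings):
    """One `aws ec2 revoke-security-group-ingress` command per failing group."""
    return [
        "aws ec2 revoke-security-group-ingress --group-id %s --ip-permissions '%s'"
        % (group_id, json.dumps(perms))
        for group_id, perms in findings.items()
    ]


# Constructed sample in the shape of `aws ec2 describe-security-groups` output;
# the IDs and the account number are made up.
SAMPLE_RESPONSE = {
    "SecurityGroups": [
        {   # default group with SSH opened to the world on top of the stock
            # self-referencing rule -> fails the rule
            "GroupName": "default", "GroupId": "sg-0a1b2c3d4e5f67890",
            "VpcId": "vpc-0123456789abcdef0",
            "IpPermissions": [
                {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [],
                 "UserIdGroupPairs": [{"GroupId": "sg-0a1b2c3d4e5f67890",
                                       "UserId": "123456789012"}]},
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/8"}],
                 "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []},
            ],
        },
        {   # untouched default group: only the self-referencing rule -> passes
            "GroupName": "default", "GroupId": "sg-0fedcba9876543210",
            "VpcId": "vpc-0fedcba9876543210",
            "IpPermissions": [
                {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [],
                 "UserIdGroupPairs": [{"GroupId": "sg-0fedcba9876543210",
                                       "UserId": "123456789012"}]},
            ],
        },
        {   # custom group open on 443: out of scope for this rule
            "GroupName": "web-tier", "GroupId": "sg-0abcdef0123456789",
            "VpcId": "vpc-0123456789abcdef0",
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
                 "UserIdGroupPairs": []},
            ],
        },
    ]
}

if __name__ == "__main__":
    findings = audit_default_groups(SAMPLE_RESPONSE)
    for group_id, perms in findings.items():
        print("FAIL %s: %d public inbound rule(s)" % (group_id, len(perms)))
    for cmd in revoke_commands(findings):
        print(cmd)
```

Against a real account, feed the script the output of `aws ec2 describe-security-groups --filters Name=group-name,Values=default --output json`, once per region. The script only inspects inbound rules, which is what this Conformity rule covers; the CIS benchmark control it maps to expects the default security group to restrict outbound traffic as well, so a full CIS remediation also revokes the default group's egress rules. Rerun the audit after revoking to confirm each default group is clean, and make sure the instances that were relying on the removed rules have been moved to purpose-built security groups first.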
Rule: Default Security Group Unrestricted
Risk level: Low