Ensure that the EC2 instances provisioned in your AWS account are not associated with default security groups created alongside with your VPCs in order to enforce using custom and unique security groups that exercise the principle of least privilege.
This rule can help you with the following compliance standards:
- NIST 800-53 (Rev. 4)
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
When an EC2 instance is launched without specifying a custom security group, the default security group is automatically assigned to the instance. Because a lot of instances are launched in this way, if the default security group is configured to allow unrestricted access, it can increase opportunities for malicious activity such as hacking, brute-force attacks or even denial-of-service (DoS) attacks.
To determine if you have any provisioned EC2 instances associated with default security groups, perform the following:
Remediation / Resolution
To adhere to the principle of least privilege and replace the associated default security groups with custom security groups, perform the following:
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Default Security Groups In Use
Risk level: Medium