Determine if there is a large number of security group rules assigned to an EC2 instance and reduce their number by removing any unnecessary or overlapping rules. To improve the instance network performance Cloud Conformity recommends a default value of 50 for the maximum number of inbound and outbound rules applied to an EC2 instance, however, this value is configurable so you can adjust it based on your requirements.
This rule can help you with the following compliance standards:
- NIST 800-53 (Rev. 4)
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Applying a large number of security group rules to an EC2 instance can impact its network performance and increase the latency when accessing the instance.
Note: The threshold for the maximum number of inbound and outbound rules combined set for this guide is 50 (recommended).
To determine if there are any EC2 instances with more than 50 inbound and outbound rules combined available in your AWS account, perform the following:
Remediation / Resolution
To remove any unnecessary or overlapping inbound and outbound rules from the security group(s) associated with your EC2 instances, perform the following:
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
EC2 Instance Security Group Rules Counts
Risk level: Low