Check your EC2 security groups for inbound rules that allow access from IP address ranges specified in RFC-1918 (i.e. 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16) and restrict access to only those private IP addresses that require it in order to implement the principle of least privilege (as promoted by AWS security best practices).
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Using RFC-1918 CIDRs within your EC2 security groups to allow an entire private network to reach your EC2 instances implements overly permissive access control: any host on that network, including a compromised one, can connect, so the security group's access configuration does not adhere to security best practices.
To determine if there are any EC2 security groups that contain RFC-1918 CIDRs available in your AWS account, perform the following:
Remediation / Resolution
To update the inbound/ingress configuration for the EC2 security groups with RFC-1918 CIDRs in order to restrict access to specific IP addresses or security groups, perform the following:
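The audit described above and the narrowing it calls for, as an added example that is not part of the Conformity rule page or of any Conformity tooling. It runs offline over a constructed document in the shape returned by the EC2 DescribeSecurityGroups API; the group IDs, ports and addresses in it are made up for the example. The check generalizes slightly beyond the three ranges the text names: a source CIDR is flagged when it equals an RFC-1918 block or is a supernet of one (so 0.0.0.0/0 is caught as well), while a single private host such as 10.20.30.40/32 is the narrowed form the rule asks for and is not flagged.

```python
import ipaddress

# The three RFC 1918 private address blocks named in the rule.
RFC1918_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def covers_rfc1918_range(cidr):
    """True if the IPv4 CIDR is exactly an RFC 1918 block or a supernet of one
    (e.g. 10.0.0.0/8 or 0.0.0.0/0). A single host like 10.20.30.40/32 or a
    small subnet inside a block is not flagged by this check."""
    try:
        net = ipaddress.ip_network(cidr, strict=False)
    except ValueError:
        return False
    if net.version != 4:
        return False
    # block.subnet_of(net) is True when net contains (or equals) the block.
    return any(block.subnet_of(net) for block in RFC1918_NETWORKS)


def audit_security_groups(describe_output):
    """Walk a DescribeSecurityGroups-style document and return one finding per
    inbound rule whose IPv4 source covers an entire RFC 1918 block."""
    findings = []
    for sg in describe_output.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            for ip_range in perm.get("IpRanges", []):
                cidr = ip_range.get("CidrIp", "")
                if covers_rfc1918_range(cidr):
                    findings.append({
                        "GroupId": sg["GroupId"],
                        "IpProtocol": perm.get("IpProtocol"),
                        "FromPort": perm.get("FromPort"),
                        "ToPort": perm.get("ToPort"),
                        "CidrIp": cidr,
                    })
    return findings


def tightened_permission(perm, required_hosts=(), source_group_id=None):
    """Build the replacement inbound permission for a flagged rule: same
    protocol and ports, with the RFC 1918 block removed and replaced by /32
    entries for the hosts that need access and/or a source security group.
    Non-flagged IPv4 ranges already on the rule are kept."""
    kept_ranges = [
        r for r in perm.get("IpRanges", [])
        if not covers_rfc1918_range(r.get("CidrIp", ""))
    ]
    host_ranges = [
        {"CidrIp": f"{ipaddress.ip_address(h)}/32"} for h in required_hosts
    ]
    new_perm = {
        "IpProtocol": perm["IpProtocol"],
        "IpRanges": kept_ranges + host_ranges,
        "UserIdGroupPairs": (
            [{"GroupId": source_group_id}] if source_group_id else []
        ),
    }
    # FromPort/ToPort are absent when IpProtocol is "-1" (all traffic).
    for key in ("FromPort", "ToPort"):
        if key in perm:
            new_perm[key] = perm[key]
    return new_perm


# Constructed sample in the DescribeSecurityGroups response shape; the group
# IDs and addresses are placeholders, not real resources.
SAMPLE_DESCRIBE_OUTPUT = {
    "SecurityGroups": [
        {
            "GroupId": "sg-0123456789abcdef0",
            "GroupName": "app-servers",
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "10.0.0.0/8"}],
                 "Ipv6Ranges": [], "UserIdGroupPairs": []},
                {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
                 "IpRanges": [{"CidrIp": "172.16.0.0/12"}],
                 "Ipv6Ranges": [], "UserIdGroupPairs": []},
            ],
        },
        {
            "GroupId": "sg-0fedcba9876543210",
            "GroupName": "web-tier",
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                 "IpRanges": [{"CidrIp": "192.168.10.5/32"}],
                 "Ipv6Ranges": [],
                 "UserIdGroupPairs": [{"GroupId": "sg-0aaaaaaaaaaaaaaa0"}]},
            ],
        },
    ]
}


if __name__ == "__main__":
    for f in audit_security_groups(SAMPLE_DESCRIBE_OUTPUT):
        print(f"{f['GroupId']}: {f['IpProtocol']}/{f['FromPort']}-{f['ToPort']} "
              f"open to {f['CidrIp']}")
    ssh_rule = SAMPLE_DESCRIBE_OUTPUT["SecurityGroups"][0]["IpPermissions"][0]
    print(tightened_permission(ssh_rule, required_hosts=["10.20.30.40"],
                               source_group_id="sg-0bastion00000000000"))
```

In a real account the document passed to audit_security_groups would come from the DescribeSecurityGroups API (for example boto3's describe_security_groups), and the tightened permission would be applied by revoking the flagged rule with revoke_security_group_ingress and authorizing the replacement with authorize_security_group_ingress, both of which take the same IpPermissions structure shown here. Preferring a source security group over host lists keeps the rule correct when the permitted instances change address.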
SecurityGroup RFC 1918
Risk level: Medium