Determine if there is a large number of inbound and outbound rules defined for your Amazon EC2 security groups and reduce their number by removing any unnecessary or overlapping rules. To improve performance and efficiency, Trend Cloud One™ – Conformity recommends a default value of 50 for the maximum number of rules assigned to a security group, however this value is configurable and you can adjust the threshold based on your requirements.
This rule can help you with the following compliance standards:
- APRA
- MAS
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
efficiency
Defining a large number of rules for a security group can increase the latency and impact the performance of the AWS cloud resources associated with the security group.
Note: The threshold for the maximum number of inbound and outbound rules set for this conformity rule is 50 (recommended).
Audit
To determine if there are Amazon EC2 security groups with more than 50 inbound and outbound rules created within your AWS cloud account, perform the following actions:
Remediation / Resolution
To remove any unnecessary or overlapping inbound and outbound rules from your Amazon EC2 security groups, perform the following operations:
References
- AWS Documentation
- Amazon EC2 security groups for Linux instances
- Work with security groups
- Security group rules for different use cases
- AWS Command Line Interface (CLI) Documentation
- ec2
- describe-security-groups
- revoke-security-group-ingress
- revoke-security-group-egress
- CloudFormation Documentation
- Amazon Elastic Compute Cloud resource type reference
- Terraform Documentation
- AWS Provider