
EC2 Security Group Unrestricted Access

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk Level: Medium (should be achieved)

Check for AWS EC2 security groups that allow unrestricted inbound and/or outbound access (0.0.0.0/0 or ::/0) on any port, common or uncommon, other than 80 and 443, so that access is secured at the EC2 instance level. Cloud Conformity strongly recommends restricting access on every open port except the web-facing ports 80 (HTTP) and 443 (HTTPS), where the exception covers inbound access only.

Security

Implementing access restrictions at the EC2 level can protect your instances against malicious attacks such as brute-force attacks, Denial of Service (DoS) attacks and man-in-the-middle (MITM) attacks, and can prevent hacking or loss of data.

Note: If your EC2 instance requires custom access and access restrictions are already implemented at the OS level using software firewalls such as iptables or Windows Server Firewall, you can choose to disable this rule, although this is NOT recommended. Ideally, these two methods should be used to complement each other.
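The check described above can be reproduced offline against security group data. The following is an added example, not Conformity's own code: it assumes input shaped like the output of `aws ec2 describe-security-groups`, treats the 80/443 exception as applying to single-port inbound TCP rules only, and uses constructed sample groups and function names.

```python
# Added example; input is shaped like `aws ec2 describe-security-groups` output.
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}
WEB_PORTS = {80, 443}  # exempt for inbound rules only (assumption of this example)

def open_sources(perm):
    """World-open CIDRs (IPv4 and IPv6) listed on one permission entry."""
    cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    return sorted(c for c in cidrs if c in OPEN_CIDRS)

def is_web_exception(perm):
    """True only for a single-port TCP rule on 80 or 443, not a range containing them."""
    return (perm.get("IpProtocol") == "tcp"
            and perm.get("FromPort") == perm.get("ToPort")
            and perm.get("FromPort") in WEB_PORTS)

def describe_ports(perm):
    proto, lo, hi = perm.get("IpProtocol"), perm.get("FromPort"), perm.get("ToPort")
    if proto == "-1":  # -1 means all protocols and all ports
        return "all traffic"
    return f"{proto}/{lo}" if lo == hi else f"{proto}/{lo}-{hi}"

def audit(groups):
    """Return (group_id, direction, ports, cidr) for every unrestricted rule."""
    findings = []
    for g in groups:
        for direction, key in (("inbound", "IpPermissions"), ("outbound", "IpPermissionsEgress")):
            for perm in g.get(key, []):
                if direction == "inbound" and is_web_exception(perm):
                    continue
                for cidr in open_sources(perm):
                    findings.append((g["GroupId"], direction, describe_ports(perm), cidr))
    return findings

SAMPLE_GROUPS = [  # constructed sample data, not from a real account
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
    {"GroupId": "sg-wide", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_GROUPS):
        print(*finding)
```

The default egress rule that AWS attaches to a new security group allows all traffic to 0.0.0.0/0, so it is reported as an outbound finding until it is narrowed.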


Severity Levels

Cloud Conformity provides 2 levels of severity for this checkup – High and Very High, allowing you to change the level based on your requirements.

Rules

Publication date Jun 19, 2016
