turbot/aws_compliance

Control: 2.7 Ensure Default EC2 Security groups are not being used

Description

When an EC2 instance is launched a specified custom security group should be assigned to the instance.

When an EC2 instance is launched without an explicit security group, the default security group is assigned automatically. Many instances are launched this way by mistake, and if the default security group is configured to allow unrestricted access, every such instance enlarges the attack surface and creates openings for malicious activity.

Remediation

From Console:

  1. Log in to the EC2 console at https://console.aws.amazon.com/ec2/.
  2. In the left navigation pane, under Network & Security, click Security Groups.
  3. Select Security Groups.
  4. Click on the default Security Group you want to review.
  5. Click Actions, View details.
  6. Select the Inbound rules tab.
  7. Click on Edit inbound rules.
  8. Click on Delete for all the rules listed.
  9. Once there are no rules listed, click 'Save rules'.
  10. Repeat steps 3 to 8 for any other default security groups listed.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.cis_compute_service_v100_2_7

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.cis_compute_service_v100_2_7 --share

SQL

This control uses a named query:

vpc_default_security_group_restricts_all_traffic
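As an added illustration, not the project's own named query, the following Steampipe SQL shows the two checks behind this control: default security groups that still carry rules, and instances attached to a default group. The table and column names (aws_vpc_security_group, aws_ec2_instance, ip_permissions, ip_permissions_egress, security_groups) are assumed from the Steampipe AWS plugin schema.

```sql
-- Added example, not the control's named query. Assumes Steampipe AWS plugin
-- tables aws_vpc_security_group (group_name, group_id, vpc_id, ip_permissions,
-- ip_permissions_egress as jsonb arrays, region, account_id) and
-- aws_ec2_instance (instance_id, security_groups as a jsonb array of objects
-- with a GroupId key).

-- 1. Default groups with any inbound or outbound rule. A default group with no
--    rules cannot widen exposure even if an instance lands in it by mistake.
select
  group_id,
  vpc_id,
  region,
  account_id,
  coalesce(jsonb_array_length(ip_permissions), 0) as inbound_rules,
  coalesce(jsonb_array_length(ip_permissions_egress), 0) as outbound_rules,
  case
    when coalesce(jsonb_array_length(ip_permissions), 0) = 0
     and coalesce(jsonb_array_length(ip_permissions_egress), 0) = 0 then 'ok'
    else 'alarm'
  end as status
from
  aws_vpc_security_group
where
  group_name = 'default'
order by
  status desc, account_id, region;

-- 2. Instances whose attached groups include their VPC's default group. Each
--    one should be moved to a purpose-built group, as the description requires.
select
  i.instance_id,
  i.region,
  i.account_id,
  sg.group_id as default_group_id
from
  aws_ec2_instance as i
  cross join jsonb_array_elements(i.security_groups) as attached
  join aws_vpc_security_group as sg
    on sg.group_id = attached ->> 'GroupId'
   and sg.account_id = i.account_id
   and sg.region = i.region
where
  sg.group_name = 'default'
order by
  i.account_id, i.region, i.instance_id;
```

Run both statements in `steampipe query` (or `powerpipe query`) against the same connection the control uses; an empty result for the second query and all-`ok` rows for the first mean the control will pass.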

Tags