Amazon_EC2_33

Ensure Descriptions for Security Group Rules are in place

Description

Every rule defined in your Amazon EC2 security groups should carry a description, to simplify operations and reduce the opportunity for operator error. A description stored on the rule keeps useful context with the rule itself, so it does not have to be maintained in documentation held outside of, and separate from, the EC2 service. The description can serve several purposes, such as EC2/application firewall auditing, security group rule management and third-party auditing.

Remediation

1. Sign in to the AWS Management Console.

2. Navigate to EC2 dashboard.

3. In the left navigation panel, under the NETWORK & SECURITY section, choose Security Groups.

4. Select the security group that you want to examine.

5. Select the Inbound/Outbound tab from the bottom panel of the dashboard and click Edit to update the necessary ingress/egress rules.

6. Within the Edit inbound/outbound rules dialog box, provide a descriptive text, e.g. "Admin access from Melbourne office", for each existing rule in the Description field available next to the rule configuration. The rule description can be up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces and ._-:/()#,@[]+=
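An added example, not part of this check or of any vendor tooling: a Python script that audits a DescribeSecurityGroups-style record (a constructed sample with placeholder group and account ids) for rule entries that have no description, validates proposed descriptions against the length and character constraints given in step 6, and builds the IpPermissions payload that boto3's update_security_group_rule_descriptions_ingress / _egress calls accept. The API call itself is left out so that the script runs offline.

```python
import copy
import re
# Length limit and allowed characters for a rule description, as stated in step 6.
MAX_LEN = 255
_ALLOWED = re.compile(r"^[A-Za-z0-9 ._\-:/()#,@\[\]+=]+$")
# Kinds of rule entry inside an IpPermission, with the key that identifies each entry.
ENTRY_KINDS = (("IpRanges", "CidrIp"), ("Ipv6Ranges", "CidrIpv6"),
               ("UserIdGroupPairs", "GroupId"), ("PrefixListIds", "PrefixListId"))
# Constructed DescribeSecurityGroups-style record; group ids and account id are placeholders.
SAMPLE_SG = {
    "GroupId": "sg-0123456789abcdef0",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24", "Description": "Admin access from Melbourne office"},
                      {"CidrIp": "198.51.100.7/32"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
         "UserIdGroupPairs": [{"GroupId": "sg-0fedcba9876543210", "UserId": "123456789012"}]}],
    "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
}

def description_is_valid(text):
    """True when text meets the length and character constraints from step 6."""
    return len(text) <= MAX_LEN and _ALLOWED.match(text) is not None

def rules_missing_description(sg):
    """(direction, permission index, source/destination id) for each rule entry without a Description."""
    missing = []
    for direction, key in (("ingress", "IpPermissions"), ("egress", "IpPermissionsEgress")):
        for i, perm in enumerate(sg.get(key, [])):
            for range_key, id_key in ENTRY_KINDS:
                for entry in perm.get(range_key, []):
                    if not entry.get("Description"):
                        missing.append((direction, i, entry[id_key]))
    return missing

def with_descriptions(ip_permissions, descriptions):
    """Copy of ip_permissions with Description filled from `descriptions` (keyed by CIDR, group id or
    prefix-list id): the IpPermissions argument for update_security_group_rule_descriptions_ingress."""
    updated = copy.deepcopy(ip_permissions)
    for perm in updated:
        for range_key, id_key in ENTRY_KINDS:
            for entry in perm.get(range_key, []):
                text = descriptions.get(entry[id_key])
                if text is None:
                    continue  # no new description for this entry; leave it untouched
                if not description_is_valid(text):
                    raise ValueError(f"invalid description for {entry[id_key]}: {text!r}")
                entry["Description"] = text
    return updated
```

Run rules_missing_description over each group returned by describe_security_groups to find the rules to fix, then pass the result of with_descriptions as IpPermissions to the matching update call.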

Service

EC2

Severity

Low

Compliance

Mapping
