Amazon_EC2_63
In order to implement the principle of least privilege and reduce the possibility of a breach, always make sure EC2 instances are not exposed to incoming traffic from 0.0.0.0/0 on known TCP ports.
From Portal:
1. Sign in to the AWS Management Console and navigate to the EC2 dashboard at https://console.aws.amazon.com/ec2/ .
2. In the navigation pane, choose Instances.
3. Select your instance and, in the bottom half of the screen, choose the Security tab.
4. Security groups lists the security groups that are associated with the instance. Inbound rules displays a list of the inbound rules that are in effect for the instance.
5. Identify the security group that has an inbound rule with source 0.0.0.0/0 and a known TCP port from the list in GSL.
6. On the Edit inbound rules page, modify the source of each rule that allows traffic from 0.0.0.0/0 to one of the ports from the list.
7. Select My IP from the Source dropdown list to allow inbound traffic only from your machine, or select Custom from the Source dropdown list and enter an appropriate range of IPs.
8. Click Save to apply the changes.
From Command Line:
1. Identify the security group associated with the instance. Remove the rule whose ingress source is 0.0.0.0/0 for one of the ports from the GSL list.
aws ec2 revoke-security-group-ingress --region REGION --group-name GROUP_NAME --protocol tcp --port PORT_NUMBER --cidr 0.0.0.0/0
2. Now add the inbound rule with restricted parameters. Set CIDR_BLOCK to the appropriate range in order to restrict access from 0.0.0.0/0 to one of the ports from the list.
aws ec2 authorize-security-group-ingress --region REGION --group-name GROUP_NAME --protocol PROTOCOL --port PORT --cidr CIDR_BLOCK
From CFT:
Use the link to the Cloudformation resource from the references.
From TF:
Use the link to the terraform resource from the references.
References:
1. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-security-groups.html
2. https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/revoke-security-group-ingress.html#
3. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html
4. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance
5. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/authorizing-access-to-an-instance.html