Ensure no EC2 instance allows incoming traffic from to known UDP port


In order to implement the principle of least privilege and reduce the possibility of a breach. Always make sure EC2 instances are not exposed incoming traffic from to known UDP ports


From Portal:
1. Sign in to the AWS Management Console, and Navigate to EC2 dashboard at .
2. In the navigation pane, choose Instances.
3. Select your instance and, in bottom half of the screen, choose the Security tab.
4. Security groups lists the security groups that are associated with the instance. Inbound rules displays a list of the inbound rules that are in effect for the instance.
5. Identify the security group with the scope and a Known UDP port from the list in GSL.
6. On the Edit inbound rules page, modify the traffic source that allow traffic from to one of the port from the list.
7. Select My IP from the Source dropdown list to allow inbound traffic only from your machine or Select Custom from the Source dropdown list and enter appropriate range of IPs.
8. Click Save to apply the changes.

From Command Line:
1. Identify the security group associated with the instance.Remove the rule which has ingress is to one of the from the GSL list.
aws ec2 revoke-security-group-ingress –region REGION –group-name GROUP_NAME –protocol udp –port PORT_NUMBER –cidr
2. Now add the inbound rules with different parameters, Modify the CIDR_BLOCK to appropriate range in order to restrict access from 0.0.0/0 to one of the port from the list.
aws ec2 authorize-security-group-ingress –region REGION –group-name GROUP_NAME –protocol PROTOCOL –port PORT –cidr CIDR_BLOCK

From CFT:
Use the link to the Cloudformation resource from the references.

From TF:
Use the link to the terraform resource from the references.








We are now live on AWS Marketplace.
The integrated view of your cloud infrastructure is now easier than ever!