Security groups provide stateful filtering of ingress/egress network traffic to AWS resources. It is recommended that no security group allows unrestricted ingress access to all the ports.
Perform the following to implement the prescribed state:
1. Login to the AWS Management Console at https://console.aws.amazon.com/vpc/home
2. In the left pane, click Security Groups
3. For each security group, perform the following:
1. Select the security group
2. Click the Inbound Rules tab
3. Identify the rules to be removed
4. Click the x in the Remove column
5. Click Save
Impact: For updating an existing environment, care should be taken to ensure that administrators currently relying on an existing ingress from 0.0.0.0/0 have access to the ports through another security group.