Amazon_VPC_8
Security groups provide stateful filtering of ingress/egress network traffic to AWS resources. It is recommended that no security group allows unrestricted ingress access to all the ports.
Perform the following to implement the prescribed state:
1. Log in to the AWS Management Console at https://console.aws.amazon.com/vpc/home
2. In the left pane, click Security Groups
3. For each security group, perform the following:
   1. Select the security group
   2. Click the Inbound Rules tab
   3. Identify the rules to be removed
   4. Click the x in the Remove column
   5. Click Save
Impact: For updating an existing environment, care should be taken to ensure that administrators currently relying on an existing ingress from 0.0.0.0/0 have access to the ports through another security group.
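To support the "Identify the rules to be removed" step across many groups, the following added example (not part of the original benchmark text) scans data shaped like `aws ec2 describe-security-groups` output for ingress rules open to any source on all ports. It goes slightly beyond the text by also treating the IPv6 range `::/0` as unrestricted; the sample groups and the function names are constructed for illustration.

```python
# Constructed sample shaped like `aws ec2 describe-security-groups` JSON output.
# Group IDs and CIDRs are made up for illustration.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0aaa111", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb222", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0ccc333", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]}

ANY_SOURCE = {"0.0.0.0/0", "::/0"}  # IPv4 and IPv6 "anywhere"


def covers_all_ports(perm):
    """True when a rule spans every port: protocol -1, or tcp/udp 0-65535."""
    if perm.get("IpProtocol") == "-1":  # -1 means all protocols and all ports
        return True
    return (perm.get("IpProtocol") in ("tcp", "udp")
            and perm.get("FromPort") == 0 and perm.get("ToPort") == 65535)


def open_sources(perm):
    """Return the unrestricted source CIDRs (IPv4 or IPv6) listed on a rule."""
    v4 = [r["CidrIp"] for r in perm.get("IpRanges", []) if r.get("CidrIp") in ANY_SOURCE]
    v6 = [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []) if r.get("CidrIpv6") in ANY_SOURCE]
    return v4 + v6


def find_unrestricted_ingress(described):
    """List (group id, protocol, cidr) for each all-port rule open to any source."""
    findings = []
    for sg in described.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            if covers_all_ports(perm):
                for cidr in open_sources(perm):
                    findings.append((sg["GroupId"], perm["IpProtocol"], cidr))
    return findings


if __name__ == "__main__":
    for group_id, proto, cidr in find_unrestricted_ingress(SAMPLE):
        print(f"{group_id}: protocol {proto} open to {cidr} on all ports")
```

Rules restricted to a single port (such as 443 from 0.0.0.0/0) or to a private range are deliberately not reported, since the recommendation above concerns unrestricted access to all ports.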
References:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html
https://docs.aws.amazon.com/cli/latest/reference/ec2/revoke-security-group-ingress.html