Amazon Auto Scaling

3.10: Amazon Auto Scaling Group is Publicly Accessible from the Internet

📘 Public accessibility of Amazon Auto Scaling Groups can lead to significant security risks, such as unauthorized access and potential data breaches. Implementing strict access controls is crucial to protect these groups from external threats.

  • Section: Public Exposure
  • Severity: Critical
  • CWE: CWE-668 Exposure of Resource to the Wrong Sphere
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Information Disclosure, Tampering
  • Rule Set: Threat Modeling - Cloud Configuration Check

4.5: AWS EC2 Instance is Not Launched in an Autoscaling Group

📘 Not using an Autoscaling Group for AWS EC2 instances can lead to potential issues with scalability and availability. Ensuring instances are part of an Autoscaling Group is important for maintaining operational resilience.

  • Section: Compute
  • Severity: Medium
  • CWE: CWE-16 Configuration
  • Assurance Scope: NIST
  • Threat Modeling Principal: Availability
  • Rule Set: Threat Modeling - Cloud Configuration Check

4.6: Auto Scaling Group is Not Configured to Use Multiple Availability Zones

📘 An Auto Scaling Group not configured to use multiple availability zones can result in reduced fault tolerance and availability. Utilizing multiple zones is key to ensuring high availability and resilience of the infrastructure.

  • Section: Compute
  • Severity: Medium
  • CWE: CWE-410 Insufficient Resource Pool
  • Assurance Scope: NIST
  • Threat Modeling Principal: Availability
  • Rule Set: Threat Modeling - Cloud Configuration Check

Updated 5 months ago

What’s Next