Ensure AWS Resources are Not Associated with Default Security Groups

Description:

In AWS, every VPC is created with a default security group that cannot be deleted. It allows all outbound traffic and allows inbound traffic only from resources associated with the same security group (a self-referencing rule covering all ports and protocols). Instances launched without an explicit security group are placed in it automatically. This looks restrictive, but it is a flat trust boundary: every resource that lands in the default group can reach every other member on any port, so one compromised host can move laterally across unrelated workloads, and any rule later added to the group to make one workload reachable applies to all of them. Because the group is shared and implicit, its membership and rules are rarely reviewed, which is the risk.


Remediation:

1. Identify Resources Associated with Default Security Groups:

AWS Management Console:
  • Navigate to the EC2 Dashboard.
  • In the left navigation pane, choose Security Groups.
  • Look for the security groups named "default" in the Group Name column. Each VPC has exactly one, so note the VPC ID and Group ID of every default group you find.
  • Choose Network Interfaces in the left navigation pane and filter by each default group's ID. Every resource that uses a security group does so through a network interface, so this view lists not only EC2 instances but also load balancers, RDS instances, Lambda functions and other services attached to the default group; the Description and Instance ID columns identify the owner.

2. Disassociate Resources from Default Security Groups:

For each resource associated with the default security group:

  • Create or identify a purpose-built security group whose inbound and outbound rules allow only the traffic the resource actually needs.
  • Attach the new security group and detach the default security group in the same change. A network interface must always have at least one security group, so the default group cannot simply be removed first.
  • Confirm that the resource still works with the new group and that it no longer appears when you filter Network Interfaces by the default group's ID.

AWS Management Console:

For example, for EC2 instances:

  • Navigate to Instances in the EC2 Dashboard.
  • Select the instance associated with the default security group.
  • Open the instance's Security tab (the Description tab in the older console) and choose Change Security Groups (under Actions, Security, in the current console).
  • Add the desired security group, remove the default security group, then save. The instance's other security groups are left in place.

3. Regularly Monitor for Default Security Group Associations:

  • Periodically list the network interfaces that carry a default security group, as in step 1, since new instances, load balancers and service-managed interfaces can pick up the default group whenever a launch omits an explicit security group.
  • Automate the check: a scheduled script or Lambda function can run the same audit and raise an alert on any finding, and an AWS Config custom rule can flag the non-compliant interfaces. The managed Config rule vpc-default-security-group-closed is a complementary control: it checks that the default group itself has no inbound or outbound rules, so that a resource accidentally placed in it is granted no access.
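The three steps above, identification, re-association and ongoing monitoring, share the same logic, so the following added example implements them once in Python. It is not part of the original guidance or an AWS-provided script. The identification and replacement logic is written as pure functions over the shape of the EC2 DescribeSecurityGroups and DescribeNetworkInterfaces responses, so it runs offline against the constructed sample data embedded below; the audit() and detach_default_group() wrappers assume a boto3 EC2 client (boto3.client("ec2")) and real credentials, and the group and interface IDs in the sample are made up.

```python
"""Find and remediate resources that use a VPC's default security group.

Added example (not AWS's code). The pure functions take the list shapes returned
by DescribeSecurityGroups / DescribeNetworkInterfaces; the two "live" helpers at
the bottom assume a boto3 EC2 client and are not needed to run the sample.
"""
import json


def default_group_ids(security_groups):
    """Return the IDs of all default security groups across every VPC.

    Each VPC has exactly one group named "default"; it cannot be deleted and
    is applied automatically to instances launched without a security group.
    """
    return {sg["GroupId"] for sg in security_groups if sg["GroupName"] == "default"}


def default_group_associations(network_interfaces, default_ids):
    """Return every network interface that carries a default security group.

    Auditing interfaces rather than instances catches every consumer of a
    security group: instances, load balancers, RDS, Lambda, ECS tasks, etc.
    """
    findings = []
    for eni in network_interfaces:
        groups = {g["GroupId"] for g in eni.get("Groups", [])}
        hits = groups & default_ids
        if hits:
            attachment = eni.get("Attachment", {})
            findings.append({
                "NetworkInterfaceId": eni["NetworkInterfaceId"],
                "VpcId": eni["VpcId"],
                # Service-owned interfaces (ELB, RDS, ...) have no InstanceId,
                # so fall back to the description AWS writes on them.
                "AttachedTo": attachment.get("InstanceId") or eni.get("Description", ""),
                "DefaultGroups": sorted(hits),
                "AllGroups": sorted(groups),
            })
    return findings


def replacement_groups(current_ids, default_ids, new_group_id):
    """Compute the group list to apply: drop default groups, add the purpose-built one.

    ModifyNetworkInterfaceAttribute sets the whole list in one call, so the
    interface never passes through a state with zero security groups.
    """
    if new_group_id in default_ids:
        raise ValueError("replacement group must not itself be a default group")
    remaining = [g for g in current_ids if g not in default_ids]
    if new_group_id not in remaining:
        remaining.append(new_group_id)
    return remaining


# --- Live variants (assume `ec2 = boto3.client("ec2")`; not used by the sample) ---

def audit(ec2):
    """Step 1 / step 3: list every interface on a default group in this region."""
    sgs = [sg for page in ec2.get_paginator("describe_security_groups").paginate()
           for sg in page["SecurityGroups"]]
    enis = [eni for page in ec2.get_paginator("describe_network_interfaces").paginate()
            for eni in page["NetworkInterfaces"]]
    return default_group_associations(enis, default_group_ids(sgs))


def detach_default_group(ec2, eni_id, current_ids, default_ids, new_group_id):
    """Step 2: replace the interface's group list atomically."""
    ec2.modify_network_interface_attribute(
        NetworkInterfaceId=eni_id,
        Groups=replacement_groups(current_ids, default_ids, new_group_id),
    )


# --- Constructed sample data (IDs are made up), shaped like the API responses ---

SAMPLE_SECURITY_GROUPS = [
    {"GroupId": "sg-0aaa", "GroupName": "default", "VpcId": "vpc-0111"},
    {"GroupId": "sg-0bbb", "GroupName": "web-tier", "VpcId": "vpc-0111"},
    {"GroupId": "sg-0ccc", "GroupName": "default", "VpcId": "vpc-0222"},
    {"GroupId": "sg-0ddd", "GroupName": "db", "VpcId": "vpc-0222"},
]

SAMPLE_ENIS = [
    {"NetworkInterfaceId": "eni-0001", "VpcId": "vpc-0111",
     "Groups": [{"GroupId": "sg-0aaa", "GroupName": "default"}],
     "Attachment": {"InstanceId": "i-0123"}},
    {"NetworkInterfaceId": "eni-0002", "VpcId": "vpc-0111",
     "Groups": [{"GroupId": "sg-0bbb", "GroupName": "web-tier"}],
     "Attachment": {"InstanceId": "i-0456"}},
    {"NetworkInterfaceId": "eni-0003", "VpcId": "vpc-0222",
     "Groups": [{"GroupId": "sg-0ccc", "GroupName": "default"},
                {"GroupId": "sg-0ddd", "GroupName": "db"}],
     "Description": "ELB app/internal-alb/abc", "Attachment": {}},
]

if __name__ == "__main__":
    ids = default_group_ids(SAMPLE_SECURITY_GROUPS)
    print(json.dumps(default_group_associations(SAMPLE_ENIS, ids), indent=2))
```

Run against the sample, the audit reports eni-0001 (instance i-0123) and eni-0003 (an internal load balancer) and ignores eni-0002; replacement_groups() for eni-0003 with "sg-0ddd" as the target yields ["sg-0ddd"], i.e. the existing db group is kept and only the default group is dropped. For monitoring, schedule audit() (for example from a Lambda function) and alert whenever it returns a non-empty list.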

Recommendation:

Understand and actively manage the security groups attached to every AWS resource. Avoiding the default security groups gives each workload an explicit, intentional network boundary instead of a shared one. Implement a security group strategy that follows the principle of least privilege, with one purpose-built group per role that allows only the traffic that role requires. Once no resource depends on a default group, remove all of its inbound and outbound rules so that a resource accidentally placed in it gains no access. Regular audits and automated monitoring keep the environment in that state and demonstrate compliance with best practice.