Aqua CSPM

Launch Configuration Referencing Missing Security Groups

Quick Info

Plugin Title: Launch Configuration Referencing Missing Security Groups
Cloud: AWS
Category: AutoScaling
Description: Ensures that Auto Scaling launch configurations are not utilizing missing security groups.
More Info: Auto Scaling launch configuration should utilize an active security group to ensure safety of managed instances.
AWS Link: https://docs.aws.amazon.com/autoscaling/ec2/userguide/GettingStartedTutorial.html
Recommended Action: Ensure that the launch configuration security group has not been deleted. If so, remove it from launch configurations.

Detailed Remediation Steps

  1. Log in to the AWS Management Console.
  2. Select the “Services” option and search for EC2.
  3. In the EC2 Management console, scroll down and click on the “Launch Configurations” at the bottom.
  4. On the “Launch Configuration” page, scroll down and copy the Security Groups attribute value.
  5. Click on the “Security Group” name, which is shown as a link, to check whether the attached security group exists.
  6. If the “Security group” page is displaying the message that “The security group ‘sg-000’ does not exist” then the Auto Scaling launch configurations are utilizing missing security groups.
  7. Repeat steps number 2 - 7 to check other groups in the account.
  8. Navigate to the EC2 console using the link https://console.aws.amazon.com/ec2/ .
  9. In the left navigation panel, choose “Launch Configuration” and select the ASG launch configuration that needs to be modified.
  10. On the “Launch Configuration” page, scroll down and click on the “Copy launch configuration” button.
  11. On the “Create launch configuration” page, scroll down and select the “Create a new Security group” option and open the Inbound ports as per the requirements.
  12. Click on the “Create launch configuration” button at the bottom to make the changes.
  13. Repeat steps number 8 - 12 to ensure that the launch configuration security group has not been deleted.
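
The console check in steps 1 - 7 can also be scripted across every launch configuration in a region. The following is an added example, not part of the Aqua plugin or the original page: the function names and the sample data are assumptions, and `collect()` assumes boto3 with read-only credentials.

```python
"""Flag launch configurations whose security groups no longer exist."""

def find_missing_security_groups(launch_configs, security_groups):
    """Map launch configuration name -> referenced groups that are gone.

    Inputs are the 'LaunchConfigurations' and 'SecurityGroups' lists
    returned by the Auto Scaling and EC2 describe calls.
    """
    known = set()
    for sg in security_groups:
        # Older configurations may list group names instead of IDs.
        known.update((sg["GroupId"], sg["GroupName"]))
    findings = {}
    for lc in launch_configs:
        missing = [g for g in lc.get("SecurityGroups", []) if g not in known]
        if missing:
            findings[lc["LaunchConfigurationName"]] = missing
    return findings

def collect(region):
    """Fetch both lists from one region (needs boto3 and read-only credentials)."""
    import boto3  # imported lazily so the offline sample below runs without it
    asg = boto3.client("autoscaling", region_name=region)
    ec2 = boto3.client("ec2", region_name=region)
    lcs = [lc for page in asg.get_paginator("describe_launch_configurations").paginate()
           for lc in page["LaunchConfigurations"]]
    sgs = [sg for page in ec2.get_paginator("describe_security_groups").paginate()
           for sg in page["SecurityGroups"]]
    return lcs, sgs

# Constructed sample data in the shape of the API responses (not real resources).
SAMPLE_LCS = [
    {"LaunchConfigurationName": "web-lc-v1",
     "SecurityGroups": ["sg-0aaa111122223333a", "sg-0bbb444455556666b"]},
    {"LaunchConfigurationName": "web-lc-v2", "SecurityGroups": ["sg-0aaa111122223333a"]},
    {"LaunchConfigurationName": "batch-lc", "SecurityGroups": []},
]
SAMPLE_SGS = [{"GroupId": "sg-0aaa111122223333a", "GroupName": "web-tier"}]

if __name__ == "__main__":
    for name, missing in find_missing_security_groups(SAMPLE_LCS, SAMPLE_SGS).items():
        print(f"{name}: missing {', '.join(missing)}")
```

Against a live account, pass the result of `collect("<region>")` to `find_missing_security_groups()`; any launch configuration it returns is a candidate for the copy-and-replace procedure in steps 8 - 12.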