AWS > EC2 >

Default Security Group In Use

MEDIUM

Source

CloudSploit

default-security-group-in-use

management console

Default Security Group In Use

Ensure that AWS EC2 Instances are not associated with default security group.

The default security group allows all traffic inbound and outbound, which can make your resources vulnerable to attacks. Ensure that the Amazon EC2 instances are not associated with the default security groups.

Recommended Actions

Modify EC2 instances and change security group.

Links

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#default-security-group

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.