MEDIUM
Source
CloudSploit
ID
overlapping-security-groups

Overlapping Security Groups

Determine if EC2 instances have security groups that share the same rules

Overlapping security group rules make managing EC2 instance access much more difficult.

Follow the appropriate remediation steps below to resolve the issue.

  1. Log in to the AWS Management Console.

  2. Select the “Services” option and search for EC2. Step

  3. Scroll down the left navigation panel and choose “Security Groups” under “Network & Security”.

  4. Select the “Security Group” that needs to be verified and scroll down and click on the “Details” tab and copy “Security group ID”. Step

  5. Scroll down the left navigation panel and choose “Instances” and search the copied “Security Group ID” copied above.Step

  6. Check the number of “EC2 Instance(s)” using the Security Group and if there are more than 1 instances sharing the same “Security Group” then it’s not according to the standard practice of AWS.Step

  7. Repeat steps number 2 - 6 to verify other “EC2 Instances” using same “Security Group”.

  8. Navigate to “Security Group” under “Network & Security” and click on the “Create Security Group” at the top.Step

  9. On the “Create Security Group” panel provide a “Security Group Name” and “Description” for the new “Security Group”.Select the “VPC” to which “Security Group” belongs.Step

  10. Select the “Inbound Traffic Rules” by clicking on the “Add Rule” button and select the “Protocols” as per the requirement.Step

  11. Click on the “Create security group” button at the bottom to create a new “Security Group”. Step

  12. Navigate to “Instances” in the left panel and select the “Instance(s)” which are sharing the same “Security Group”. Click on the “Actions” button at the top and click on the “Change security groups” under “Security”.Step

  13. On the “Change Security Groups” tab select the new “Security Group” under “Associated security groups” and click on “Add security group” button.Step

  14. Click on the “Save” button to assign the selected “Security Group” to the “EC2 Instance”.Step

  15. Remove any security group which may not be needed as required from the instance.

  16. Repeat steps number 8 - 15 to structure security groups and to avoid their overlapping in “EC2 Instances”.