Benchmark: 4. Limit security groups
Description
Security groups are a key way that you can enable network access to resources you have provisioned on AWS. Ensuring that only the required ports are open and the connection is enabled from known network ranges is a foundational approach to security.
Usage
Browse dashboards and select 4. Limit security groups:
steampipe dashboard
Or run the benchmarks in your terminal:
steampipe check aws_top_10.benchmark.account_security_limit_security_groups
Snapshot and share results via Steampipe Cloud:
steampipe login
steampipe check --share aws_top_10.benchmark.account_security_limit_security_groups
Controls
- EC2 instances should not be attached to 'launch wizard' security groups
- VPC default security group should not allow inbound and outbound traffic
- VPC security groups should only allow unrestricted incoming traffic for authorized ports
- VPC security groups should restrict ingress from 0.0.0.0/0 or ::/0 to cassandra ports 7199 or 9160 or 8888
- VPC security groups should restrict ingress from 0.0.0.0/0 or ::/0 to memcached port 11211
- VPC security groups should restrict ingress from 0.0.0.0/0 or ::/0 to mongoDB ports 27017 and 27018
- VPC security groups should restrict ingress from 0.0.0.0/0 or ::/0 to oracle ports 1521 or 2483
- VPC security groups should restrict ingress Kafka port access from 0.0.0.0/0
- VPC security groups should restrict ingress redis access from 0.0.0.0/0
- VPC security groups should restrict ingress SSH access from 0.0.0.0/0
- VPC security groups should restrict ingress TCP and UDP access from 0.0.0.0/0
- Security groups should not allow unrestricted access to ports with high risk
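The controls above all reduce to the same check: does an ingress rule reach a sensitive port from 0.0.0.0/0 or ::/0, and does the VPC default group still carry rules at all. The following is an added example that reimplements that logic in Python over constructed sample data; it is not the mod's own SQL (Steampipe controls are queries against the plugin's tables). It assumes input in the shape returned by EC2 DescribeSecurityGroups (IpPermissions, IpRanges/CidrIp, Ipv6Ranges/CidrIpv6, IpProtocol, FromPort, ToPort). The port numbers for cassandra, memcached, mongoDB and oracle come from the control titles; 22 (SSH), 6379 (redis) and 9092 (Kafka) are the standard service ports, which the titles name by service only. It also handles the two cases that simple port-equality checks miss: a rule with IpProtocol "-1" (all traffic, no FromPort/ToPort) and a rule whose port range spans a sensitive port.

```python
"""Flag security group rules that expose sensitive service ports to the world.

Added example mirroring this benchmark's checks; not the mod's own SQL.
Input mirrors the EC2 DescribeSecurityGroups response shape.
"""
from dataclasses import dataclass

ANYWHERE = {"0.0.0.0/0", "::/0"}

# Ports named in the benchmark's controls. 22 (SSH), 6379 (redis) and
# 9092 (Kafka) are the standard service ports; the control titles name
# those three services without a number.
RISKY_PORTS = {
    22: "ssh",
    1521: "oracle", 2483: "oracle",
    7199: "cassandra", 9160: "cassandra", 8888: "cassandra",
    11211: "memcached",
    27017: "mongodb", 27018: "mongodb",
    6379: "redis",
    9092: "kafka",
}


@dataclass(frozen=True)
class Finding:
    group_id: str
    port: int
    service: str
    cidr: str
    protocol: str


def _world_cidrs(perm):
    """Yield every CIDR in the rule that means 'anywhere' (IPv4 or IPv6)."""
    for r in perm.get("IpRanges", []):
        if r.get("CidrIp") in ANYWHERE:
            yield r["CidrIp"]
    for r in perm.get("Ipv6Ranges", []):
        if r.get("CidrIpv6") in ANYWHERE:
            yield r["CidrIpv6"]


def _ports_covered(perm):
    """Return the risky ports that fall inside the rule's port range.

    IpProtocol "-1" means all traffic: FromPort/ToPort are absent and every
    port is covered. A tcp rule spanning 0-65535 covers everything as well.
    """
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return set(RISKY_PORTS)
    if proto not in ("tcp", "udp"):
        return set()  # icmp and other protocols carry no port
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return {p for p in RISKY_PORTS if lo <= p <= hi}


def unrestricted_ingress_findings(security_groups):
    """One Finding per (group, risky port, world CIDR) across ingress rules."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            ports = _ports_covered(perm)
            if not ports:
                continue
            for cidr in _world_cidrs(perm):
                for port in sorted(ports):
                    findings.append(Finding(sg["GroupId"], port, RISKY_PORTS[port],
                                            cidr, perm.get("IpProtocol")))
    return findings


def default_groups_with_rules(security_groups):
    """Default VPC groups that still carry any inbound or outbound rule."""
    return [sg["GroupId"] for sg in security_groups
            if sg.get("GroupName") == "default"
            and (sg.get("IpPermissions") or sg.get("IpPermissionsEgress"))]


# Constructed sample data, not from a real account.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
    ], "IpPermissionsEgress": []},
    {"GroupId": "sg-0bbb", "GroupName": "db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 27017, "ToPort": 27018,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ], "IpPermissionsEgress": []},
    {"GroupId": "sg-0ccc", "GroupName": "default", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ], "IpPermissionsEgress": []},
]

if __name__ == "__main__":
    for f in unrestricted_ingress_findings(SAMPLE_GROUPS):
        print(f"{f.group_id}: {f.service} port {f.port} open to {f.cidr} ({f.protocol})")
    print("default groups with rules:", default_groups_with_rules(SAMPLE_GROUPS))
```

On the sample, the web group produces no findings (443 is not in the list and SSH is limited to a private range), the db group produces four (two mongoDB ports times two world CIDRs), and the default group produces one finding per risky port because its "-1" rule covers every port, and it is also reported as a default group that still has rules.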