
Unused EC2 Security Groups Should Be Removed Rule

This rule focuses on removing unused EC2 security groups to enhance security measures.

Rule: Unused EC2 security groups should be removed
Framework: AWS Foundational Security Best Practices
Severity: Medium

Rule Description

The rule "Unused EC2 security groups should be removed" is part of the AWS Foundational Security Best Practices. It requires that security groups not associated with any Amazon Elastic Compute Cloud (EC2) instance be removed. Unused security groups weaken your security posture: their rules are no longer reviewed, they can later be attached to a resource with stale or overly permissive rules that allow unauthorized access, and keeping them violates the principle of least privilege.

Rule Remediation

To remediate this rule, you need to identify and remove any unused EC2 security groups in your AWS environment. Follow the step-by-step guide below for remediation:

Step 1: Identify Unused Security Groups

You will need to identify the security groups that are not associated with any running or stopped EC2 instances. To do this, use the AWS Command Line Interface (CLI) or AWS Management Console.

Using AWS CLI:

  1. Open the command-line interface and ensure you have the AWS CLI installed and configured.

  2. Run the following AWS CLI command to list all the security groups:

     aws ec2 describe-security-groups

  3. Review the output and note down any security groups that don't have any EC2 instances associated with them.

Using AWS Management Console:

  1. Log in to the AWS Management Console.

  2. Navigate to the EC2 service.

  3. Click on "Security Groups" in the navigation pane.

  4. Review the list of security groups and note down any that don't have any EC2 instances associated with them.

Step 2: Verify Unused Security Groups

Before removing any security groups, it is essential to confirm that they are indeed unused and no longer required.

  1. Identify the purpose and intended usage of each security group.

  2. Consult with the relevant stakeholders or application owners to confirm whether a security group is still required.

Step 3: Remove Unused Security Groups

Once you have confirmed that a security group is unused and can be safely removed, follow these steps to delete it:

Using AWS CLI:

  1. Open the command-line interface and ensure you have the AWS CLI installed and configured.

  2. Run the following AWS CLI command, replacing <security-group-id> with the actual ID of the security group you want to delete:

     aws ec2 delete-security-group --group-id <security-group-id>

Using AWS Management Console:

  1. Log in to the AWS Management Console.

  2. Navigate to the EC2 service.

  3. Click on "Security Groups" in the navigation pane.

  4. Select the security group you want to delete.

  5. Click on the "Actions" drop-down menu and choose "Delete security group."

  6. Confirm the deletion when prompted.
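As an added example (not Cloud Defense's or AWS's code), the script below carries Steps 1 to 3 through on the JSON that two CLI calls return. Because `aws ec2 describe-security-groups` does not list what a group is attached to, it uses `aws ec2 describe-network-interfaces` instead, which also catches groups held by RDS instances, load balancers and other interface-backed resources, and it flags groups that another group's rules still reference. The function names and the sample group, interface and account IDs are constructed for the example.

```python
# Added example (not Cloud Defense's code): find security groups that no
# network interface carries, and flag those another group's rules reference.
# The dicts below are constructed samples shaped like the JSON returned by
# `aws ec2 describe-security-groups` and `aws ec2 describe-network-interfaces`.
SECURITY_GROUPS = {"SecurityGroups": [
    {"GroupId": "sg-11111111", "GroupName": "default", "IpPermissions": [], "IpPermissionsEgress": []},
    {"GroupId": "sg-22222222", "GroupName": "web", "IpPermissionsEgress": [],
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
                        "UserIdGroupPairs": [{"GroupId": "sg-44444444", "UserId": "111122223333"}]}]},
    {"GroupId": "sg-33333333", "GroupName": "rds", "IpPermissions": [], "IpPermissionsEgress": []},
    {"GroupId": "sg-44444444", "GroupName": "legacy", "IpPermissions": [], "IpPermissionsEgress": []},
    {"GroupId": "sg-55555555", "GroupName": "orphan", "IpPermissions": [], "IpPermissionsEgress": []},
]}
# The second interface belongs to an RDS instance: it has no EC2 InstanceId, yet
# its group is in use, so an instance-only check (Step 1) would wrongly list it.
NETWORK_INTERFACES = {"NetworkInterfaces": [
    {"NetworkInterfaceId": "eni-aaaa1111", "Attachment": {"InstanceId": "i-0abc"},
     "Groups": [{"GroupId": "sg-22222222", "GroupName": "web"}]},
    {"NetworkInterfaceId": "eni-bbbb2222", "Attachment": {},
     "Groups": [{"GroupId": "sg-33333333", "GroupName": "rds"}]},
]}


def unused_security_groups(sgs, enis):
    """Map each unused group to the other groups whose rules still reference it.
    Unused = carried by no network interface. The VPC default group is skipped
    (AWS does not allow deleting it). A non-empty list means the delete fails
    with DependencyViolation until those referencing rules are removed."""
    attached = {g["GroupId"] for eni in enis["NetworkInterfaces"] for g in eni["Groups"]}
    referenced = {}
    for sg in sgs["SecurityGroups"]:
        for rule in sg.get("IpPermissions", []) + sg.get("IpPermissionsEgress", []):
            for pair in rule.get("UserIdGroupPairs", []):
                if pair["GroupId"] != sg["GroupId"]:
                    referenced.setdefault(pair["GroupId"], set()).add(sg["GroupId"])
    return {sg["GroupId"]: sorted(referenced.get(sg["GroupId"], ()))
            for sg in sgs["SecurityGroups"]
            if sg["GroupName"] != "default" and sg["GroupId"] not in attached}


def delete_commands(candidates):
    """Build the Step 3 command for every unreferenced group (printed for review, never run here)."""
    return [f"aws ec2 delete-security-group --group-id {gid}"
            for gid, refs in sorted(candidates.items()) if not refs]


if __name__ == "__main__":
    for gid, refs in sorted(unused_security_groups(SECURITY_GROUPS, NETWORK_INTERFACES).items()):
        print(gid, "referenced by", refs or "nothing; deletable")
```

Run against live data by loading the two CLI outputs with `json.load` and passing the parsed dicts in; review the resulting commands with the stakeholders from Step 2 before executing any of them.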

Troubleshooting

If you run into issues while following the remediation steps, refer to the troubleshooting tips below:

  1. Incorrect Security Group ID: Ensure that you provide the correct security group ID when running the AWS CLI command or deleting a security group in the management console.

  2. Dependencies: If a security group is associated with resources other than EC2 instances (e.g., RDS instances, load balancers), it cannot be deleted until those dependencies are resolved. Remove the associations with those resources before attempting to delete the security group.

  3. Insufficient Permissions: If the AWS CLI commands fail due to insufficient permissions, ensure that you have the IAM permissions required to delete security groups. Refer to the AWS Identity and Access Management (IAM) documentation for guidance on setting up the required permissions.

  4. Security Group In Use: Some security groups may still show as in use even though they have no EC2 instances associated with them. This can be due to residual references or pending changes in your AWS environment. Wait a while and re-verify before attempting the deletion again.

If the troubleshooting steps do not resolve the issues, consider seeking assistance from AWS support or consulting relevant documentation for further guidance.
