This rule ensures that an application load balancer does not have an unrestricted security group attached.

Rule      | Ensure application load balancer does not have unrestricted security group attached
Framework | CloudDefense.AI Security
Severity  | Critical
Rule Description
The rule aims to ensure that an application load balancer in the CloudDefense environment does not have an unrestricted security group attached. This is essential to maintain the security posture of the application and prevent unauthorized access.
Troubleshooting Steps
Necessary Codes
No specific codes are required for this rule. The verification can be done using the AWS Management Console or CLI commands.
Remediation Steps
CLI Command Guide
To verify and remediate an unrestricted security group attachment for an application load balancer, follow the steps below:

1. List the security groups attached to the load balancer:

   aws elbv2 describe-load-balancers --query 'LoadBalancers[?LoadBalancerName==`LOAD_BALANCER_NAME`].SecurityGroups[]'

   Replace LOAD_BALANCER_NAME with the actual name of the load balancer (the query filters on the name; if you only have the ARN, pass it with --load-balancer-arns instead of the name filter).

2. Inspect the rules of each security group returned:

   aws ec2 describe-security-groups --group-ids SECURITY_GROUP_ID

   Replace SECURITY_GROUP_ID with the ID of the security group. A group is unrestricted when it contains rules whose source or destination range is 0.0.0.0/0 or ::/0.

3. Revoke the unrestricted ingress and egress rules:

   aws ec2 revoke-security-group-ingress --group-id SECURITY_GROUP_ID --protocol PROTOCOL --port PORT --cidr CIDR
   aws ec2 revoke-security-group-egress --group-id SECURITY_GROUP_ID --protocol PROTOCOL --port PORT --cidr CIDR

   Replace SECURITY_GROUP_ID with the ID of the security group.
   Replace PROTOCOL with the protocol of the rule being revoked (e.g., TCP, UDP, etc.).
   Replace PORT with the port number of the rule being revoked.
   Replace CIDR with the IP range of the rule being revoked (0.0.0.0/0 or ::/0 for an unrestricted rule).

Conclusion
Following the steps provided above, you can ensure that no unrestricted security group is attached to an application load balancer in the CloudDefense environment. Regularly reviewing and enforcing security measures like this helps protect the application from unauthorized access and potential security risks.
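The verification part of the CLI steps above, as an added example that is not CloudDefense.AI's own code: it takes the JSON that `aws elbv2 describe-load-balancers` and `aws ec2 describe-security-groups` return and reports, per attached security group, every ingress rule open to 0.0.0.0/0 or ::/0. The `allowed_ports` parameter (listener ports an internet-facing ALB exposes on purpose) is an assumption of this example, and the sample data is constructed.

```python
# Added example (not CloudDefense.AI's own code): find world-open ingress rules
# on the security groups attached to an ALB. It consumes the JSON shapes that
# `aws elbv2 describe-load-balancers` and `aws ec2 describe-security-groups`
# return, so it also works on saved CLI output. The sample data is constructed.
UNRESTRICTED = {"0.0.0.0/0", "::/0"}


def unrestricted_rules(group, allowed_ports=frozenset()):
    """Return (protocol, from_port, to_port, cidr) for each rule open to the world.

    Protocol "-1" with no port range means all traffic. A rule whose whole port
    range lies in allowed_ports (assumed to be the ALB's listener ports) is skipped.
    """
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol", "-1")
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        if lo is not None and all(p in allowed_ports for p in range(lo, hi + 1)):
            continue  # intentionally public listener ports
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        findings += [(proto, lo, hi, c) for c in cidrs if c in UNRESTRICTED]
    return findings


def audit_alb(load_balancer, security_groups, allowed_ports=frozenset()):
    """Map each attached security group ID to its unrestricted ingress rules."""
    by_id = {g["GroupId"]: g for g in security_groups}
    report = {}
    for sg_id in load_balancer.get("SecurityGroups", []):
        rules = unrestricted_rules(by_id.get(sg_id, {}), allowed_ports)
        if rules:
            report[sg_id] = rules
    return report


# Constructed sample: sg-open allows SSH and HTTPS from anywhere, sg-tight does not.
SAMPLE_LB = {"LoadBalancerName": "web-alb", "SecurityGroups": ["sg-open", "sg-tight"]}
SAMPLE_SGS = [
    {"GroupId": "sg-open", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-tight", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
]

if __name__ == "__main__":
    print(audit_alb(SAMPLE_LB, SAMPLE_SGS, allowed_ports={443}))
```

Any group listed in the result is the one whose rules step 3 revokes; with no `allowed_ports`, every world-open rule is reported, including the ALB's own listener ports.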