Rule: Ensure Security Group Does Not Allow Inbound Traffic to TCP Port 6379
This rule ensures the EC2 instance security group does not allow all inbound traffic to TCP port 6379 (Redis).
| Rule | Ensure Security Group attached to EC2 instance does not allow inbound traffic from all to TCP port 6379 (Redis) |
| Framework | CloudDefense.AI Security |
| Severity | ✔ High |
Description
The security group attached to an EC2 instance should have a rule that restricts inbound traffic on TCP port 6379 (Redis) to improve security and prevent unauthorized access to the EC2 instance. The rule ensures that only specific IP addresses or security groups are allowed to access the Redis service running on the EC2 instance.
Troubleshooting Steps
If you encounter any issues related to the security group not allowing inbound traffic from all to TCP port 6379, follow these troubleshooting steps:
- 1.
Verify security group rules:
- Go to the EC2 Management Console.
- Navigate to the "Security Groups" section.
- Find the security group associated with the EC2 instance.
- Review the inbound rules to check if there is a rule allowing traffic on TCP port 6379 from all IP addresses.
- 2.
Update the security group rule:
- If there is a rule allowing inbound traffic on TCP port 6379 from all IP addresses, it should be modified.
- Identify the IP addresses or security groups that require access to the Redis service.
- Remove the existing rule allowing traffic from all IP addresses.
- Add new inbound rules to allow access only from the specific IP addresses or security groups.
- 3.
Test connectivity:
- Once the security group rules have been updated, test connectivity to ensure the Redis service is accessible only from the intended sources.
- Verify if the desired IP addresses or security groups can establish a connection to TCP port 6379.
Necessary Codes
No specific codes are required for this rule.
Remediation Guide
Follow the steps below to resolve the issue of the security group allowing inbound traffic from all to TCP port 6379:
- 1.
Log in to the AWS Management Console.
- 2.
Go to the EC2 service.
- 3.
Select "Security Groups" from the left sidebar.
- 4.
Find the security group associated with the target EC2 instance where Redis is running.
- 5.
Select the security group and click on the "Inbound rules" tab.
- 6.
Identify the rule allowing inbound traffic from all IP addresses to TCP port 6379.
- 7.
Click on the "Actions" button and select "Edit inbound rules."
- 8.
Locate the rule allowing traffic on TCP port 6379 from all sources and remove it.
- 9.
Add new inbound rules to allow access only from the specific IP addresses or security groups that require access to the Redis service:
- Click on the "Add rule" button.
- Select "Redis" for the type.
- Specify the source IP address range or security group that should be allowed to access the Redis service.
- Enter TCP port 6379 as the port range.
- Save the new rule.
- 10.
Click on "Save rules" to apply the changes to the security group.
- 11.
Test connectivity to ensure the Redis service is accessible only from the intended sources by trying to connect to TCP port 6379 from the specified IP addresses or security groups.
Conclusion
Following these steps, you can ensure the security group attached to the EC2 instance does not allow inbound traffic from all to TCP port 6379 (Redis) for CloudDefense. By restricting access to specific IP addresses or security groups, you enhance the security posture of your EC2 instance and protect it from unauthorized access.