Rule: Ensure Security Group does not allow all inbound traffic to TCP 27017

This rule checks that the Security Group attached to an EC2 instance does not expose TCP 27017 (MongoDB) to every source on the internet.

Rule: Ensure Security Group attached to EC2 instance does not allow inbound traffic from all to TCP 27017 (MongoDB)
Framework: CloudDefense.AI Security
Severity: High

Rule Description:

The security group attached to an EC2 instance should not allow inbound traffic from all sources (0.0.0.0/0) to TCP port 27017, which is commonly used for MongoDB. This rule is enforced by CloudDefense to ensure the security and integrity of the EC2 instance and its associated MongoDB database.

Troubleshooting Steps:

If this rule is violated, it may expose the MongoDB service to potential unauthorized access and security threats. To troubleshoot and remediate this issue, follow the steps below:

1. Identify the Security Group Attached to the EC2 Instance:

First, determine the security group attached to the EC2 instance that is running the MongoDB service. This can be found in the AWS Management Console or by using the AWS CLI with the following command:

aws ec2 describe-instances --instance-ids <instance-id> --query 'Reservations[].Instances[].SecurityGroups[].GroupId'

Replace <instance-id> with the actual ID of the EC2 instance.

2. Verify Inbound Rules for the Security Group:

Next, check the inbound rules configured for the identified security group. This can be done via the AWS Management Console or by using the AWS CLI with the following command:

aws ec2 describe-security-groups --group-ids <security-group-id>

Replace <security-group-id> with the actual ID of the security group obtained in the previous step.

Ensure that there is no specific rule allowing inbound traffic from all sources (0.0.0.0/0) to TCP port 27017. If such a rule exists, it needs to be removed or modified.

3. Modify the Inbound Rule:

To modify the inbound rule, you can use the following AWS CLI command:

aws ec2 revoke-security-group-ingress --group-id <security-group-id> --protocol tcp --port 27017 --cidr 0.0.0.0/0

Replace <security-group-id> with the actual ID of the security group. This command revokes the inbound rule allowing traffic from all sources to port 27017.

Alternatively, you can use the AWS Management Console to modify the security group's inbound rules.
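As an added example that is not part of this CloudDefense page, the following Python script applies the check from steps 2 and 3 offline to a constructed describe-security-groups response. It goes beyond the single rule shape above: it also flags port ranges that include 27017, the IPv6 any-source ::/0 and all-protocol (-1) rules, and it emits the exact --ip-permissions JSON that revoke-security-group-ingress needs, since revoke only removes a rule whose protocol, port range and CIDR match literally. The group id and the rules in SAMPLE_RESPONSE are constructed placeholders.

```python
import json

MONGO_PORT = 27017
ANY_SOURCE = {"0.0.0.0/0", "::/0"}

# Constructed sample in the shape `aws ec2 describe-security-groups` returns;
# the group id is a placeholder, not a real resource.
SAMPLE_RESPONSE = json.dumps({"SecurityGroups": [{
    "GroupId": "sg-PLACEHOLDER",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 27017, "ToPort": 27017,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 27000, "ToPort": 28000,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "203.0.113.0/24"}],
         "Ipv6Ranges": []},
    ]}]})

def covers_port(perm, port):
    """True if the rule's protocol and port range include TCP `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":          # all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def find_open_rules(response_json, port=MONGO_PORT):
    """Return (group_id, permission) per rule open to any source on `port`;
    permission is the literal IpPermissions entry that revoke must be given."""
    findings = []
    for sg in json.loads(response_json)["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            if not covers_port(perm, port):
                continue
            base = {k: perm[k] for k in ("IpProtocol", "FromPort", "ToPort") if k in perm}
            for r in perm.get("IpRanges", []):
                if r["CidrIp"] in ANY_SOURCE:
                    findings.append((sg["GroupId"], dict(base, IpRanges=[r])))
            for r in perm.get("Ipv6Ranges", []):
                if r["CidrIpv6"] in ANY_SOURCE:
                    findings.append((sg["GroupId"], dict(base, Ipv6Ranges=[r])))
    return findings

def revoke_command(group_id, permission):
    """AWS CLI command that removes exactly this rule and nothing else in the group."""
    return ("aws ec2 revoke-security-group-ingress --group-id %s --ip-permissions '%s'"
            % (group_id, json.dumps([permission])))
```

Feed the script the JSON output of the describe-security-groups command from step 2 instead of SAMPLE_RESPONSE to check a real group; each printed command removes only the offending CIDR, leaving trusted sources in the same rule intact.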

Note:

It's important to review the inbound rules of the security group carefully and ensure that only necessary and trusted sources are allowed access to the MongoDB port (27017) if required. Restricting the access to specific IP ranges or EC2 instances that require access is highly recommended for better security.

By following the above steps, you can ensure that the security group attached to the EC2 instance does not allow inbound traffic from all sources to TCP port 27017, meeting the CloudDefense policy requirements.
