Rule: Ensure AWS EC2 Instances with Public IP and Security Groups do Not Have Internet Access
This rule ensures that AWS EC2 instances with public IP addresses and associated security groups are not granted internet access.
| Rule | Ensure AWS EC2 instances with public IP and associated with security groups do not have Internet access |
| Framework | CloudDefense.AI Security |
| Severity | ✔ High |
Rule Description:
This rule ensures that AWS EC2 instances with public IP addresses and associated with security groups do not have Internet access for CloudDefense. By implementing this rule, you can prevent unauthorized access to CloudDefense services from public networks and enhance the security of your EC2 instances.
Troubleshooting Steps:
- 1.Verify the EC2 instance has a public IP assigned.
- 2.Check the associated security group of the EC2 instance.
- 3.Confirm that the EC2 instance is unable to access the Internet.
Necessary Code:
No additional code snippets are needed for this rule. The configuration settings can be managed directly within the AWS Management Console or using AWS CLI commands.
Step-by-Step Guide for Remediation:
1. Access the AWS Management Console:
Sign in to the AWS Management Console using your credentials.
2. Navigate to the EC2 Dashboard:
From the list of services, select "EC2" under "Compute" or search for "EC2" in the search bar. The EC2 Dashboard should open.
3. Identify Instances with Public IP Addresses:
In the EC2 Dashboard, review the list of instances to identify the ones with public IP addresses. Look for the column labeled "Public IP" or "EIP" (Elastic IP).
4. Confirm Security Group Associations:
Click on the instance with a public IP address to view its details. In the details pane, locate the "Security groups" section.
5. Review Security Group Rules:
Identify the associated security group(s) and go to the EC2 Dashboard sidebar. Click on "Security Groups" under "NETWORK & SECURITY" to access the list of security groups.
6. Edit Security Group Rules:
- Select the appropriate security group and click the "Inbound Rules" tab.
- Review the inbound rules and ensure there are no rules that allow inbound internet traffic (e.g., 0.0.0.0/0) for the relevant ports or protocols required by CloudDefense.
- If any such rules are present, select them and click on the "Actions" drop-down menu. Then, choose "Delete rules" to remove them.
7. Confirm Internet Access Restriction:
To validate that the EC2 instance no longer has internet access, attempt to access the internet from the instance using a web browser or ping command.
8. Repeat for Remaining Instances:
Repeat steps 4-7 for any other EC2 instances with public IP addresses that need to be restricted from accessing the internet for CloudDefense.
By following these steps, you can ensure that your AWS EC2 instances with public IP addresses and associated security groups do not have access to the internet for CloudDefense, thereby enhancing the security of your infrastructure.