
Rule: VPC Security Groups Should Be Associated with at Least One ENI

This rule ensures VPC security groups are associated with at least one Elastic Network Interface.

Rule: VPC security groups should be associated with at least one ENI
Framework: NIST Cybersecurity Framework (CSF) v1.1
Severity: High

Rule Description:

The rule checks that every VPC security group is associated with at least one Elastic Network Interface (ENI), in line with the NIST Cybersecurity Framework (CSF) v1.1. A security group only filters traffic when it is attached to an ENI, so a group with no ENI enforces nothing. Such groups are usually leftovers from decommissioned resources; they tend to carry stale and often permissive rules, and a later attachment to the wrong interface can silently expose it. Keeping only the groups that are actually in use keeps the network traffic controls of the Amazon Virtual Private Cloud (VPC) intentional and reviewable.

Troubleshooting Steps:

If a VPC security group is not associated with any ENI, it is either unused or the resource it protected is gone. To troubleshoot this, follow these steps:

  1. Identify the security groups that no ENI references, for example by comparing the Security Groups list with the Network Interfaces list in the EC2 console, or by querying both through the AWS CLI or SDK and comparing the group IDs.
  2. Confirm whether each group is still needed. A group can have no ENI today and still be required, for example when it is named in an Auto Scaling launch template whose instances are currently scaled to zero; deleting it would break the next launch.
  3. Check whether the ENIs that used the group were deleted or had their security groups changed. If the resource still exists and should be covered by this group, reattach the group to its ENI.
  4. Review the group's rules. An orphaned group with wide-open inbound rules (0.0.0.0/0 or ::/0) is the main risk and should be deleted or tightened rather than left around for later reuse.
  5. Monitor network traffic and security events, including CloudTrail events such as AuthorizeSecurityGroupIngress and ModifyNetworkInterfaceAttribute, so that a stale group being reattached or widened does not go unnoticed.

Necessary Code:

No rule-specific code is required; this is a configuration check within the AWS environment. A group is compliant when its GroupId appears in the Groups list of at least one network interface in the same region.
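The check can still be scripted. The following is an added example, not Cloud Defense's or AWS's own code: it compares the groups returned by the EC2 DescribeSecurityGroups API with those listed on each interface by DescribeNetworkInterfaces, reports the unattached ones, and marks the two cases where a plain delete will not work (the VPC default group, and a group referenced by another group's rules). The sample data is constructed, and the boto3 fetch at the end only runs when the script is started with a `live` argument (an argument name chosen for this example).

```python
"""Find VPC security groups that no Elastic Network Interface references.

Added example for this page (not Cloud Defense code). It works on the
response shapes of the EC2 DescribeSecurityGroups and DescribeNetworkInterfaces
APIs. The sample data below is constructed; fetch_live() shows the equivalent
boto3 calls and is only used when the module is run directly with "live".
"""
from __future__ import annotations

import sys
from typing import Iterable

# Constructed sample data shaped like the EC2 API responses (IDs are made up).
SAMPLE_SECURITY_GROUPS = [
    {"GroupId": "sg-0a1b2c3d4e5f60001", "GroupName": "web-tier", "VpcId": "vpc-0aaa", "IpPermissions": []},
    {"GroupId": "sg-0a1b2c3d4e5f60002", "GroupName": "old-bastion", "VpcId": "vpc-0aaa",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0a1b2c3d4e5f60003", "GroupName": "default", "VpcId": "vpc-0aaa", "IpPermissions": []},
    {"GroupId": "sg-0a1b2c3d4e5f60004", "GroupName": "db-tier", "VpcId": "vpc-0aaa",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [],
                        "UserIdGroupPairs": [{"GroupId": "sg-0a1b2c3d4e5f60005"}]}]},
    {"GroupId": "sg-0a1b2c3d4e5f60005", "GroupName": "app-tier", "VpcId": "vpc-0aaa", "IpPermissions": []},
]
SAMPLE_NETWORK_INTERFACES = [
    {"NetworkInterfaceId": "eni-0001", "Groups": [{"GroupId": "sg-0a1b2c3d4e5f60001", "GroupName": "web-tier"}]},
    {"NetworkInterfaceId": "eni-0002", "Groups": [{"GroupId": "sg-0a1b2c3d4e5f60004", "GroupName": "db-tier"}]},
]


def attached_group_ids(network_interfaces: Iterable[dict]) -> set[str]:
    """Every security group ID that appears on at least one ENI."""
    return {g["GroupId"] for eni in network_interfaces for g in eni.get("Groups", [])}


def referenced_group_ids(security_groups: Iterable[dict]) -> set[str]:
    """Groups named as source/destination in another group's rules.

    Deleting such a group fails with DependencyViolation even though no ENI
    uses it, so the referencing rule has to be removed first.
    """
    refs: set[str] = set()
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []) + sg.get("IpPermissionsEgress", []):
            for pair in perm.get("UserIdGroupPairs", []):
                if pair.get("GroupId") and pair["GroupId"] != sg["GroupId"]:
                    refs.add(pair["GroupId"])
    return refs


def open_to_world(sg: dict) -> bool:
    """True if any inbound rule allows 0.0.0.0/0 or ::/0."""
    for perm in sg.get("IpPermissions", []):
        if any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", [])):
            return True
        if any(r.get("CidrIpv6") == "::/0" for r in perm.get("Ipv6Ranges", [])):
            return True
    return False


def find_unattached(security_groups: list[dict], network_interfaces: list[dict]) -> list[dict]:
    """One finding per group with no ENI, with the action a reviewer should take."""
    attached = attached_group_ids(network_interfaces)
    referenced = referenced_group_ids(security_groups)
    findings = []
    for sg in security_groups:
        gid = sg["GroupId"]
        if gid in attached:
            continue
        if sg["GroupName"] == "default":
            action = "keep: default group cannot be deleted; remove its rules instead"
        elif gid in referenced:
            action = "referenced by another group's rules; remove those rules before deleting"
        else:
            action = "attach to the ENI that needs it, or delete it"
        findings.append({"GroupId": gid, "GroupName": sg["GroupName"], "VpcId": sg["VpcId"],
                         "OpenToWorld": open_to_world(sg), "Action": action})
    return findings


def fetch_live(region: str | None = None) -> tuple[list[dict], list[dict]]:
    """Pull the same two lists from a real account with boto3 (needs credentials)."""
    import boto3  # imported here so the offline demo has no AWS dependency

    ec2 = boto3.client("ec2", region_name=region)
    sgs = [sg for page in ec2.get_paginator("describe_security_groups").paginate()
           for sg in page["SecurityGroups"]]
    enis = [eni for page in ec2.get_paginator("describe_network_interfaces").paginate()
            for eni in page["NetworkInterfaces"]]
    return sgs, enis


if __name__ == "__main__":
    sgs, enis = fetch_live() if "live" in sys.argv[1:] else (SAMPLE_SECURITY_GROUPS, SAMPLE_NETWORK_INTERFACES)
    for f in find_unattached(sgs, enis):
        flag = " OPEN-TO-WORLD" if f["OpenToWorld"] else ""
        print(f"{f['GroupId']} {f['GroupName']:<12} {f['Action']}{flag}")
```

Two caveats when running this against a real account: both APIs are regional, so the comparison has to be repeated per region, and the ENI list only reflects resources that exist right now, so a group that is only named in a launch template or infrastructure-as-code definition will show up as unattached and must be checked by hand before it is deleted.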

Remediation Steps:

To remediate this issue, decide for each flagged group whether it is still needed, then either attach it to the interface it should protect or delete it. Editing the group's inbound or outbound rules does not associate it with an ENI and does not clear this finding.

If the group is no longer needed:

  1. Log in to the AWS Management Console and open the Amazon EC2 service; security groups are listed under "Network & Security" > "Security Groups" (the Amazon VPC console links to the same view). Filter by the VPC that contains the group.
  2. Select the security group that is not associated with any ENI and confirm it is not the VPC's default group, which cannot be deleted. Remove any rules from the default group instead so that it allows nothing if it is ever attached.
  3. Choose "Actions" > "Delete security groups". If the deletion is rejected with a DependencyViolation, another security group's rules still reference this one; remove those rules first and retry.

If the group is still needed:

  1. Open the instance or network interface that should be covered ("Instances" > "Actions" > "Security" > "Change security groups", or "Network Interfaces" > "Actions" > "Change security groups").
  2. Add the group to the interface's security groups and save. The interface's list of security groups is replaced as a whole, so keep the groups that are already present unless you intend to remove them.
  3. Review the group's inbound and outbound rules so that they still match the traffic you intend to allow, and remove anything open to 0.0.0.0/0 or ::/0 that the workload does not need.

Afterwards, verify that the group now appears in at least one ENI's group list (or no longer exists), and monitor the group and the associated network traffic to confirm the remediation holds.
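The two remediation paths above, attach or delete, as an added example that is not Cloud Defense code. The functions call the boto3 EC2 client methods modify_network_interface_attribute and delete_security_group by their real names; FakeEC2 is a constructed stand-in that records the calls so the logic runs without AWS credentials, and with a real client you would pass boto3.client("ec2") in its place.

```python
"""Remediate a security group that no ENI uses: attach it to the interface
that needs it, or delete it.

Added example for this page (not Cloud Defense code). The two remediation
functions call the real boto3 EC2 methods modify_network_interface_attribute
and delete_security_group. FakeEC2 is a constructed stand-in so the logic runs
offline; with a real client, pass boto3.client("ec2") instead.
"""
from __future__ import annotations


class FakeEC2:
    """Minimal stand-in for the boto3 EC2 client that records what it was asked to do."""

    def __init__(self, eni_groups: dict[str, list[str]], undeletable=()):
        self.eni_groups = eni_groups          # eni-id -> group IDs currently on it
        self.undeletable = set(undeletable)   # groups still referenced elsewhere
        self.calls: list[tuple] = []

    def describe_network_interfaces(self, NetworkInterfaceIds):
        return {"NetworkInterfaces": [
            {"NetworkInterfaceId": e, "Groups": [{"GroupId": g} for g in self.eni_groups[e]]}
            for e in NetworkInterfaceIds]}

    def modify_network_interface_attribute(self, NetworkInterfaceId, Groups):
        self.calls.append(("modify", NetworkInterfaceId, tuple(Groups)))
        self.eni_groups[NetworkInterfaceId] = list(Groups)

    def delete_security_group(self, GroupId):
        self.calls.append(("delete", GroupId))
        if GroupId in self.undeletable:
            # Real boto3 raises botocore.exceptions.ClientError whose str()
            # contains the error code; this mimics that shape.
            raise RuntimeError("An error occurred (DependencyViolation) when calling DeleteSecurityGroup")


def attach_group_to_eni(ec2, group_id: str, eni_id: str) -> list[str]:
    """Add group_id to the ENI without dropping the groups already on it.

    The Groups parameter of modify_network_interface_attribute replaces the
    whole set, so the current list is read first and the new ID appended.
    Returns the resulting group list; a no-op if the group is already present.
    """
    eni = ec2.describe_network_interfaces(NetworkInterfaceIds=[eni_id])["NetworkInterfaces"][0]
    current = [g["GroupId"] for g in eni["Groups"]]
    if group_id in current:
        return current
    new_groups = current + [group_id]
    ec2.modify_network_interface_attribute(NetworkInterfaceId=eni_id, Groups=new_groups)
    return new_groups


def delete_unused_group(ec2, group_id: str, group_name: str) -> str:
    """Delete a group no ENI uses; returns a status string instead of raising
    for the two expected failure modes (default group, dependency violation)."""
    if group_name == "default":
        return "skipped: the VPC default group cannot be deleted; remove its rules instead"
    try:
        ec2.delete_security_group(GroupId=group_id)
    except Exception as exc:  # botocore.exceptions.ClientError with a real client
        if "DependencyViolation" in str(exc):
            return "blocked: still referenced by another group's rules or by a resource"
        raise
    return "deleted"


if __name__ == "__main__":
    # Constructed scenario: eni-0001 carries sg-web; sg-ref is referenced by another group.
    ec2 = FakeEC2({"eni-0001": ["sg-web"]}, undeletable={"sg-ref"})
    print(attach_group_to_eni(ec2, "sg-app", "eni-0001"))
    for gid, name in [("sg-default", "default"), ("sg-ref", "shared"), ("sg-old", "old-bastion")]:
        print(gid, delete_unused_group(ec2, gid, name))
```

The read-then-append in attach_group_to_eni is the part worth copying: calling modify_network_interface_attribute with only the new group ID would detach every other group from the interface, which is a much worse outcome than the finding being remediated. The same replace-the-whole-set behaviour applies to modify_instance_attribute with Groups on an instance.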

Conclusion:

Following this rule keeps the VPC free of orphaned security groups: every group is attached to the interface it protects, and stale rules cannot be picked up by a later attachment. By keeping network traffic control intentional, you reduce the risk of unauthorized access or malicious activity within your AWS infrastructure.
