
Unused EC2 Security Groups Removal Rule

This guideline states that unused EC2 security groups should be removed, because a group that nobody is using is still a set of firewall rules waiting to be attached to a resource.

Rule: Unused EC2 security groups should be removed
Framework: PCI v3.2.1
Severity: Low

Rule Description:

Unused EC2 security groups should be removed for PCI v3 compliance. This rule checks that security groups in your account that are no longer attached to any EC2 instance or other resource are deleted. Unused security groups pose a potential security risk: they may contain unnecessary open ports or overly permissive rules, and a stale group can be attached to a new resource at any time without anyone re-reviewing its rules.

Troubleshooting Steps:

If you encounter issues while removing unused EC2 security groups, follow these troubleshooting steps:

  1. Verify permissions: Ensure that the user performing the removal has the necessary permissions. They should have the "ec2:DeleteSecurityGroup" permission.
  2. Check dependencies: Confirm that the security group is not associated with any active EC2 instances or other resources. If it is, remove the association before attempting to delete the security group.
  3. Validate rule compliance: Verify that the security group is indeed unused and not required for any specific purpose before removing it. Incorrectly removing a required security group can lead to unintended consequences.

Necessary Codes:

The following AWS CLI commands (run in bash, since they use process substitution) list the security groups that are not attached to any network interface. Every resource that uses a security group (EC2 instances, load balancers, RDS, Lambda and so on) does so through an elastic network interface, so a group that no ENI references is unused. The VPC default group will also appear in this list; it cannot be deleted.

comm -23 <(aws ec2 describe-security-groups --query 'SecurityGroups[].GroupId' --output text | tr '\t' '\n' | sort) \
         <(aws ec2 describe-network-interfaces --query 'NetworkInterfaces[].Groups[].GroupId' --output text | tr '\t' '\n' | sort -u)

Step-by-Step Guide for Remediation:

Follow these steps to remove unused EC2 security groups:

  1. Identify unused security groups: Execute the provided AWS CLI command to list all the unused security groups.
  2. Review the list: Examine the output of the command and identify the security groups that are not associated with any instances.
  3. Select security group for removal: Determine which security group(s) to remove based on your analysis. Make sure to validate that they are indeed unused and not required for any specific purpose.
  4. Remove security group: Use the following AWS CLI command to delete the selected security group(s):

     aws ec2 delete-security-group --group-id <security-group-id>

     Replace <security-group-id> with the actual ID of the security group you want to remove. Repeat this command for each security group you wish to delete. If the command fails with a DependencyViolation error, the group is still attached to a resource or referenced by another group's rules (see Troubleshooting above).
  5. Verify deletion: Execute the AWS CLI command below to ensure successful removal of the security group(s):

     aws ec2 describe-security-groups --group-ids <security-group-id>

     Replace <security-group-id> with the ID of the removed security group. If the command returns an error (InvalidGroup.NotFound), the security group was successfully deleted.
  6. Repeat steps 4-5: Repeat steps 4 and 5 for each additional security group you want to remove.
  7. Validate rule compliance: After removing the unused security groups, ensure that your environment is still functioning correctly and all required resources are accessible.
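As an added example (not part of the original page or the Cloud Defense product), the following Python script applies steps 1 to 4 above to the JSON shapes returned by describe-security-groups and describe-network-interfaces, whether they come from boto3 or from the CLI with --output json. It runs on constructed sample data embedded in the script (the group and ENI IDs are made up) and goes beyond the steps above by also holding back the two kinds of group that delete-security-group refuses: the VPC default group and groups still referenced by another group's rules.

```python
# Constructed sample shaped like describe-security-groups / describe-network-interfaces output (IDs are made up).
SECURITY_GROUPS = [
    {"GroupId": "sg-0a1", "GroupName": "default", "IpPermissions": []},
    {"GroupId": "sg-0b2", "GroupName": "web", "IpPermissions": []},
    {"GroupId": "sg-0c3", "GroupName": "app", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080, "UserIdGroupPairs": [{"GroupId": "sg-0d4"}]}]},
    {"GroupId": "sg-0d4", "GroupName": "old-lb", "IpPermissions": []},
    {"GroupId": "sg-0e5", "GroupName": "legacy-ssh", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]
NETWORK_INTERFACES = [
    {"NetworkInterfaceId": "eni-0aa", "Groups": [{"GroupId": "sg-0b2", "GroupName": "web"}]},
    {"NetworkInterfaceId": "eni-0bb", "Groups": [{"GroupId": "sg-0c3", "GroupName": "app"}]},
]

def attached_group_ids(network_interfaces: list) -> set:
    """A group attached to any ENI is in use (EC2, RDS, ELB and Lambda all create ENIs)."""
    return {g["GroupId"] for eni in network_interfaces for g in eni.get("Groups", [])}

def rule_referenced_ids(security_groups: list) -> set:
    """Groups named in another group's rules; deleting them fails with DependencyViolation."""
    refs = set()
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []) + sg.get("IpPermissionsEgress", []):
            for pair in perm.get("UserIdGroupPairs", []):
                if pair.get("GroupId") not in (None, sg["GroupId"]):  # a self-reference does not block
                    refs.add(pair["GroupId"])
    return refs

def classify(security_groups: list, network_interfaces: list) -> tuple:
    """Split groups not on any ENI into (deletable IDs, {ID: reason it must be left alone})."""
    in_use = attached_group_ids(network_interfaces)
    referenced = rule_referenced_ids(security_groups)
    deletable, blocked = [], {}
    for sg in security_groups:
        gid = sg["GroupId"]
        if gid in in_use:
            continue  # attached somewhere, so not unused
        if sg["GroupName"] == "default":
            blocked[gid] = "VPC default group cannot be deleted"
        elif gid in referenced:
            blocked[gid] = "referenced by another group's rules; revoke that rule first"
        else:
            deletable.append(gid)
    return deletable, blocked

if __name__ == "__main__":
    ok, skipped = classify(SECURITY_GROUPS, NETWORK_INTERFACES)
    print("\n".join(f"aws ec2 delete-security-group --group-id {g}" for g in ok))  # step 4 above
    print("\n".join(f"# leaving {g}: {why}" for g, why in skipped.items()))
```

With real data, pass ec2.describe_security_groups()["SecurityGroups"] and ec2.describe_network_interfaces()["NetworkInterfaces"] (paginated) in place of the two samples; review the printed commands before running any of them.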
