VPC security group rules within private VPCs should not permit ingress from 0.0.0.0/0 to all ports and protocols¶
A rule that allows all protocols and all ports from 0.0.0.0/0 exposes every service listening on the instance, including ones that were never meant to be reachable, to the whole Internet. Security groups within private VPCs should permit ingress only to the specific ports, protocols and sources each workload needs, so that potentially vulnerable services on other ports cannot be reached.
Console Remediation Steps¶
Navigate to VPC.
In the left navigation, select Security Groups.
Select the desired security group and click the Inbound tab.
Click Edit rules.
Delete any rule whose Type is All traffic and whose Source is ‘0.0.0.0/0’ (or the IPv6 equivalent ‘::/0’).
CLI Remediation Steps¶
Remove the ingress rule that allows all traffic (protocol -1, which covers every port) from anywhere. The permission you pass must match the existing rule exactly (same protocol and same CIDR), otherwise nothing is revoked:
aws ec2 revoke-security-group-ingress --group-id <id> --ip-permissions IpProtocol=-1,IpRanges='[{CidrIp=0.0.0.0/0}]'
If the group also has an all-traffic rule from ::/0, revoke it the same way with Ipv6Ranges='[{CidrIpv6=::/0}]' in place of IpRanges. A rule that allows 0.0.0.0/0 together with narrower ranges is revoked one range at a time; naming only 0.0.0.0/0 leaves the other ranges in place.
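The following is an added example, not code from the original page or from AWS, that automates the check and the remediation above across many groups. It works on the JSON that `aws ec2 describe-security-groups` (or boto3's `describe_security_groups`) returns, flags only rules with `IpProtocol` "-1" whose source is 0.0.0.0/0 (and, as an extension of the rule text, the IPv6 equivalent ::/0), and builds the exact `IpPermissions` payload that `revoke_security_group_ingress` (a real boto3 EC2 client method) expects, naming one open range at a time so that narrower ranges in the same rule survive. The security-group IDs and rules in `SAMPLE_GROUPS` are constructed sample data, and `RecordingEC2` is a stand-in for a boto3 client so the script runs offline.

```python
"""Added example: detect and revoke 'all traffic from anywhere' inbound rules.

Operates on the JSON shape returned by `aws ec2 describe-security-groups`
(or boto3's describe_security_groups). The group IDs below are constructed
sample data, not real resources.
"""
import json
from typing import Any, Dict, List

ANY_IPV4 = "0.0.0.0/0"
ANY_IPV6 = "::/0"  # IPv6 equivalent, included as an extension of the rule text


def open_all_traffic_permissions(sg: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Return one minimal IpPermissions entry per offending source range.

    A rule violates the control when IpProtocol is "-1" (all protocols, and
    therefore all ports) and a source range is 0.0.0.0/0 (or ::/0). Each
    returned entry names only that one range, so passing it to
    revoke-security-group-ingress removes the open source while leaving
    narrower ranges in the same rule untouched.
    """
    offending: List[Dict[str, Any]] = []
    for perm in sg.get("IpPermissions", []):
        if perm.get("IpProtocol") != "-1":
            # A specific protocol, even with a wide port range, is a different
            # finding and is deliberately not handled here.
            continue
        for rng in perm.get("IpRanges", []):
            if rng.get("CidrIp") == ANY_IPV4:
                offending.append({"IpProtocol": "-1", "IpRanges": [{"CidrIp": ANY_IPV4}]})
        for rng in perm.get("Ipv6Ranges", []):
            if rng.get("CidrIpv6") == ANY_IPV6:
                offending.append({"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": ANY_IPV6}]})
    return offending


def cli_command(group_id: str, perms: List[Dict[str, Any]]) -> str:
    """Render the equivalent AWS CLI call; --ip-permissions also accepts JSON."""
    return (
        "aws ec2 revoke-security-group-ingress "
        f"--group-id {group_id} --ip-permissions '{json.dumps(perms)}'"
    )


def remediate(ec2, groups: List[Dict[str, Any]], dry_run: bool = True) -> Dict[str, List[Dict[str, Any]]]:
    """Revoke offending permissions in every group; return what was (or would be) revoked.

    `ec2` is meant to be a boto3 EC2 client (revoke_security_group_ingress is a real
    boto3 method); any object exposing that method works, which keeps this testable offline.
    """
    actions: Dict[str, List[Dict[str, Any]]] = {}
    for sg in groups:
        perms = open_all_traffic_permissions(sg)
        if not perms:
            continue
        actions[sg["GroupId"]] = perms
        if not dry_run:
            ec2.revoke_security_group_ingress(GroupId=sg["GroupId"], IpPermissions=perms)
    return actions


# Constructed sample in the shape of describe-security-groups output; group IDs are made up.
SAMPLE_GROUPS: List[Dict[str, Any]] = [
    {
        "GroupId": "sg-0123456789abcdef0",
        "GroupName": "web",
        "IpPermissions": [
            {   # violates the control: all protocols from 0.0.0.0/0 and ::/0; 10.0.0.0/8 must survive
                "IpProtocol": "-1",
                "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/8"}],
                "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
            },
            {   # outside this control: a single port from anywhere
                "IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
            },
        ],
    },
    {
        "GroupId": "sg-0fedcba9876543210",
        "GroupName": "db",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
             "UserIdGroupPairs": [{"GroupId": "sg-0123456789abcdef0"}]},
        ],
    },
]


class RecordingEC2:
    """Stand-in for a boto3 EC2 client that records revoke calls instead of making them."""

    def __init__(self) -> None:
        self.calls: List[Dict[str, Any]] = []

    def revoke_security_group_ingress(self, **kwargs: Any) -> Dict[str, Any]:
        self.calls.append(kwargs)
        return {"Return": True}


if __name__ == "__main__":
    # Dry run: print the CLI command that would be issued for each offending group.
    for gid, perms in remediate(None, SAMPLE_GROUPS, dry_run=True).items():
        print(cli_command(gid, perms))
```

Run with a real client by replacing `None` with `boto3.client("ec2")` and `dry_run=False`; keep the dry run first, since the printed commands are the audit trail of exactly which ranges will be removed.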