Security Group modifications detected

Error: Security Group modifications not detected

Bridgecrew Policy ID: BC_AWS_ALERT_3
Severity: MEDIUM

Security Group modifications not detected

Description

An AWS security group is a stateful firewall attached to instances and other VPC resources (ENIs). It is the first network security layer protecting instances, applications and resources, controlling access by protocol and port.

A security group's rules control which traffic may reach, or leave, the resources it is associated with, and those rules can be changed at any time. A change is applied immediately to every instance the security group is attached to, so a single API call can open or close access across a whole fleet.

We recommend tracking rule modifications in security groups (for example with a CloudTrail-backed CloudWatch Logs metric filter and alarm, as in the CIS AWS Foundations Benchmark) so that any networking configuration change that could affect external or internal access to the environment is known and approved. The CloudTrail event names to watch include:

  • AuthorizeSecurityGroupIngress
  • AuthorizeSecurityGroupEgress
  • RevokeSecurityGroupIngress
  • RevokeSecurityGroupEgress
  • CreateSecurityGroup
  • DeleteSecurityGroup

The two Authorize* calls are the ones that add access and are the most likely to introduce an unintended exposure (such as a rule open to 0.0.0.0/0), so an alert that only covers revocations, creations and deletions misses the most important case.
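The detection logic described above, as an added example written for this page (it is not Bridgecrew's check and not code from the policy itself). It builds the CloudWatch Logs metric filter pattern for these event names and runs the same selection over a hand-constructed CloudTrail log, going slightly beyond the text by also flagging Authorize* calls whose rule is open to the whole internet. The sample records, the account number, security group IDs, IP addresses and ARNs are all made up; their field layout follows the CloudTrail record format as the author knows it and is an assumption, not an exported log.

```python
"""Detect security-group modifications in CloudTrail records.

Added example for this page, not Bridgecrew's own check. The sample log below
is constructed by hand (assumption: it follows CloudTrail's record layout).
"""
import json

# Event names matched by the CIS AWS Foundations Benchmark metric filter for
# security group changes.
SECURITY_GROUP_CHANGE_EVENTS = frozenset({
    "AuthorizeSecurityGroupIngress",
    "AuthorizeSecurityGroupEgress",
    "RevokeSecurityGroupIngress",
    "RevokeSecurityGroupEgress",
    "CreateSecurityGroup",
    "DeleteSecurityGroup",
})

# The same selection as a CloudWatch Logs metric filter pattern, to attach to
# the log group that receives the CloudTrail trail (order is irrelevant).
CLOUDWATCH_FILTER_PATTERN = "{ " + " || ".join(
    f"($.eventName = {name})" for name in sorted(SECURITY_GROUP_CHANGE_EVENTS)
) + " }"

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}


def _world_open_ranges(request_parameters):
    """Return the CIDRs in ipPermissions that expose a rule to the whole internet."""
    found = []
    perms = (request_parameters or {}).get("ipPermissions", {}).get("items", [])
    for perm in perms:
        for rng in perm.get("ipRanges", {}).get("items", []):
            if rng.get("cidrIp") in WORLD_CIDRS:
                found.append(rng["cidrIp"])
        for rng in perm.get("ipv6Ranges", {}).get("items", []):
            if rng.get("cidrIpv6") in WORLD_CIDRS:
                found.append(rng["cidrIpv6"])
    return found


def find_security_group_changes(records):
    """Return one finding per record whose eventName is a security-group change."""
    findings = []
    for rec in records:
        name = rec.get("eventName")
        if name not in SECURITY_GROUP_CHANGE_EVENTS:
            continue  # e.g. Describe* calls are read-only and not alerted on
        identity = rec.get("userIdentity", {})
        params = rec.get("requestParameters") or {}
        findings.append({
            "eventTime": rec.get("eventTime"),
            "eventName": name,
            "actor": identity.get("arn") or identity.get("userName") or identity.get("type"),
            "sourceIPAddress": rec.get("sourceIPAddress"),
            "groupId": params.get("groupId"),
            # Only Authorize* calls add access, so only they can open a rule to the world.
            "worldOpen": _world_open_ranges(params) if name.startswith("Authorize") else [],
        })
    return findings


def scan_cloudtrail_file(text):
    """Parse a CloudTrail log file ({"Records": [...]}) and report SG changes."""
    return find_security_group_changes(json.loads(text)["Records"])


# Constructed sample log: one read-only call, one world-open ingress rule,
# one deletion and one revocation. All identifiers are fictitious.
SAMPLE_CLOUDTRAIL = json.dumps({"Records": [
    {"eventTime": "2024-03-01T10:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeSecurityGroups", "sourceIPAddress": "203.0.113.5",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {}},
    {"eventTime": "2024-03-01T10:01:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "sourceIPAddress": "203.0.113.5",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"groupId": "sg-0a1b2c3d4e5f67890",
      "ipPermissions": {"items": [{"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
       "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventTime": "2024-03-01T10:02:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DeleteSecurityGroup", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/Deployer/ci"},
     "requestParameters": {"groupId": "sg-0fedcba9876543210"}},
    {"eventTime": "2024-03-01T10:03:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RevokeSecurityGroupIngress", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/Deployer/ci"},
     "requestParameters": {"groupId": "sg-0a1b2c3d4e5f67890",
      "ipPermissions": {"items": [{"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
       "ipRanges": {"items": [{"cidrIp": "10.0.0.0/8"}]}}]}}},
]})


if __name__ == "__main__":
    print("CloudWatch filter pattern:", CLOUDWATCH_FILTER_PATTERN)
    for finding in scan_cloudtrail_file(SAMPLE_CLOUDTRAIL):
        print(finding)
```

Running the script reports three of the four sample records (the DescribeSecurityGroups call is ignored) and marks the port 22 rule as open to 0.0.0.0/0. In a real deployment the pattern string is what goes into the metric filter; the Python selection is useful for back-testing the filter against exported CloudTrail files or for enriching the alarm with the actor, source IP and affected group that a bare metric count does not carry.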