Risk Level: High
Cloud Entity: Amazon EC2 Instance
CloudGuard Rule ID: D9.AWS.NET.80
Covered by Spectral: No
Category: Compute

GSL LOGIC

Instance where isPublic=true and nics contain [ subnet.routeTable.associations length()>0 and subnet.routeTable.routes contain [ destinationCidrBlock='0.0.0.0/0' and gatewayId like 'igw-%' ] ] should not have nics contain [ securityGroups contain [ inboundRules contain [ scope='0.0.0.0/0' and port in($CloudGuard_Known_DB_TCP_Ports) and protocol in('TCP', 'ALL') ] ] ]

REMEDIATION

From Portal

Sign in to the AWS Management Console, and Navigate to EC2 dashboard at https://console.aws.amazon.com/ec2/.
In the navigation pane, choose Instances.
Select your instance and, in bottom half of the screen, choose the Security tab.
Security groups lists the security groups that are associated with the instance. Inbound rules displays a list of the inbound rules that are in effect for the instance.
Identify the security group with the scope 0.0.0.0/0 and a Known TCP port from the list in GSL.
On the Edit inbound rules page, modify the traffic source that allows traffic from 0.0.0.0/0 to one of the ports from the list.
Select My IP from the Source dropdown list to allow inbound traffic only from your machine or Select Custom from the Source dropdown list and enter appropriate range of IPs.
Click Save to apply the changes.

From Command Line

Identify the security group associated with the instance. Remove the rule which has ingress 0.0.0.0/0 to one from the GSL list.

aws ec2 revoke-security-group-ingress --region REGION --group-name GROUP_NAME --protocol tcp --port PORT_NUMBER --cidr 0.0.0.0/0

Now add the inbound rules with different parameters, Modify the CIDR_BLOCK to appropriate range in order to restrict access from 0.0.0.0/0 to one of the ports from the list.

aws ec2 authorize-security-group-ingress --region REGION --group-name GROUP_NAME --protocol PROTOCOL --port PORT --cidr CIDR_BLOCK

From CFT
Use the link to the Cloudformation resource from the references.

From TF
Use the link to the terraform resource from the references.

References

Amazon EC2 Instance

Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers.

Compliance Frameworks

AWS CIS Controls V 8
AWS CSA CCM v.3.0.1
AWS CSA CCM v.4.0.1
AWS CloudGuard Best Practices
AWS CloudGuard CheckUp
AWS CloudGuard Network Alerts for default VPC components
AWS CloudGuard SOC2 based on AICPA TSC 2017
AWS GDPR Readiness
AWS HITRUST v11.0.0
AWS ISO 27001:2013
AWS ISO27001:2022
AWS LGPD regulation
AWS MAS TRM Framework
AWS MITRE ATT&CK Framework v11.3
AWS NIST 800-53 Rev 4
AWS NIST 800-53 Rev 5
AWS NIST CSF v1.1
AWS PCI-DSS 3.2
AWS PCI-DSS 4.0
AWS Security Risk Management
CloudGuard AWS All Rules Ruleset
CloudGuard AWS Default Ruleset