Security Group modifications not detected
Description
An AWS security group is essentially a firewall within the AWS infrastructure: it provides the first layer of network security for instances, applications and resources, controlling access by protocol and port.
Security groups define the rules that control traffic within a VPC and can be modified at any time. The rules apply to every instance the security group is associated with.
We recommend tracking rule modifications in security groups so that any networking configuration change that could affect external or internal access to the environment is known and approved. The API calls to track include:
- RevokeSecurityGroupIngress
- RevokeSecurityGroupEgress
- CreateSecurityGroup
- DeleteSecurityGroup
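As an added example (not part of the original page), the following Python detection logic scans CloudTrail-format records for the security group API calls listed above and returns one finding per call, with the actor, source address and target group, and a flag for ingress rules opened to every address. The four Revoke/Create/Delete event names come from the page; AuthorizeSecurityGroupIngress and AuthorizeSecurityGroupEgress are real EC2 API names added here because rule additions are the other half of the picture. The sample records, account ID, IP addresses and group IDs are constructed for the example; the record layout follows the shape CloudTrail writes to S3, with most fields trimmed.

```python
import json

# EC2 API calls that change a security group. Revoke*/Create/Delete come from the page;
# the two Authorize* names are real EC2 API calls added for completeness.
SECURITY_GROUP_EVENTS = {
    "AuthorizeSecurityGroupIngress",
    "AuthorizeSecurityGroupEgress",
    "RevokeSecurityGroupIngress",
    "RevokeSecurityGroupEgress",
    "CreateSecurityGroup",
    "DeleteSecurityGroup",
}

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}


def _world_open(request_params):
    """True if any rule in the request opens a port range to all IPv4 or IPv6 addresses."""
    perms = (request_params or {}).get("ipPermissions", {}).get("items", [])
    for perm in perms:
        for rng in perm.get("ipRanges", {}).get("items", []):
            if rng.get("cidrIp") in WORLD_CIDRS:
                return True
        for rng in perm.get("ipv6Ranges", {}).get("items", []):
            if rng.get("cidrIpv6") in WORLD_CIDRS:
                return True
    return False


def find_security_group_changes(raw_json):
    """Return one finding per CloudTrail record that modifies a security group.

    Read-only calls (e.g. DescribeSecurityGroups) are ignored. Failed calls (records
    carrying errorCode) are kept and marked succeeded=False, because an attempted
    DeleteSecurityGroup is still worth reviewing.
    """
    findings = []
    for rec in json.loads(raw_json).get("Records", []):
        if rec.get("eventSource") != "ec2.amazonaws.com":
            continue
        if rec.get("eventName") not in SECURITY_GROUP_EVENTS:
            continue
        req = rec.get("requestParameters") or {}
        resp = rec.get("responseElements") or {}   # CreateSecurityGroup returns the new groupId here
        findings.append({
            "time": rec.get("eventTime"),
            "event": rec["eventName"],
            "group_id": req.get("groupId") or resp.get("groupId"),
            "actor": rec.get("userIdentity", {}).get("arn"),
            "source_ip": rec.get("sourceIPAddress"),
            "region": rec.get("awsRegion"),
            "succeeded": "errorCode" not in rec,
            "world_open": rec["eventName"] == "AuthorizeSecurityGroupIngress" and _world_open(req),
        })
    return findings


# Constructed sample records (not real CloudTrail data): one world-open ingress rule,
# one read-only call that must be ignored, one group creation, one failed deletion.
SAMPLE_CLOUDTRAIL = json.dumps({"Records": [
    {"eventTime": "2024-01-15T10:02:11Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"groupId": "sg-0123456789abcdef0", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventTime": "2024-01-15T10:03:05Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeSecurityGroups", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"}},
    {"eventTime": "2024-01-15T10:07:30Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "CreateSecurityGroup", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/deploy/ci"},
     "requestParameters": {"groupName": "web-tier", "vpcId": "vpc-0abc123def456789a"},
     "responseElements": {"groupId": "sg-0fedcba9876543210"}},
    {"eventTime": "2024-01-15T10:09:52Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DeleteSecurityGroup", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7", "errorCode": "Client.DependencyViolation",
     "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/deploy/ci"},
     "requestParameters": {"groupId": "sg-0123456789abcdef0"}},
]})


if __name__ == "__main__":
    for f in find_security_group_changes(SAMPLE_CLOUDTRAIL):
        print(f)
```

The detection keys on eventSource plus eventName rather than on a substring match, so unrelated services whose API names contain "SecurityGroup" (RDS and Redshift have their own) do not produce EC2 findings; add those sources separately if the environment uses them. The world_open flag is only evaluated for ingress authorizations, which is where an accidental exposure of a listening port would show up.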