Skip to content

Security Groups are not attached to EC2 instances or ENIs

Description

Security groups are an important layer of security for Amazon EC2 instances and network interfaces (ENIs). They act as a virtual firewall for your instances, controlling inbound and outbound traffic to and from your instances. By attaching security groups to your EC2 instances or ENIs, you can specify which traffic is allowed to reach your instances, and which traffic is blocked. This can help to protect your instances from unauthorized access and prevent potential security vulnerabilities.

Fix - Buildtime

Terraform

  • Resource: aws_network_interface, aws_instance, aws_security_group
  • Argument: security_groups of aws_instance or aws_security_group
resource "aws_network_interface" "test" {
  subnet_id       = "aws_subnet.public_a.id"
  security_groups = [aws_security_group.ok_sg.id]
}

resource "aws_instance" "test" {
  ami           = "data.aws_ami.ubuntu.id"
  instance_type = "t3.micro"
  security_groups = [aws_security_group.ok_sg.id]
}

resource "aws_security_group" "ok_sg" {
  ingress {
    description = "TLS from VPC"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = 0.0.0.0/0
  }
}