More Info:

Checks if EC2 instances have several Security Groups attached. Ideally there should be just 1 security group attach to an EC2 instance.

Risk Level

Medium

Address

Security

Compliance Standards

CBP

Remediation

Using Console

Sure, here are the step-by-step instructions to remediate the misconfiguration of EC2 instances with multiple security groups in AWS:

  1. Log into your AWS Management Console and navigate to the EC2 Dashboard.

  2. Select the EC2 instance that has multiple security groups.

  3. In the Details tab of the EC2 instance, scroll down to the Security Groups section.

  4. Click on the Edit security groups button.

  5. A pop-up window will appear showing all the security groups associated with the EC2 instance.

  6. Remove all the unnecessary security groups by selecting them and clicking on the Remove button.

  7. Click on the Save button to save the changes.

  8. Verify that only the required security group is associated with the EC2 instance.

By following the above steps, you can remediate the misconfiguration of EC2 instances with multiple security groups in AWS.

Using CLI

Sure, here are the step by step instructions to remediate the issue of EC2 instances with multiple security groups in AWS using AWS CLI:

  1. Open the AWS CLI on your local machine.

  2. Run the following command to list all the EC2 instances with multiple security groups:

aws ec2 describe-instances --query 'Reservations[].Instances[].[InstanceId, SecurityGroups]' --output text | awk '{if (NF>2) print $1}'

This command will return a list of EC2 instance IDs that have more than one security group assigned to them.

  1. For each instance ID returned by the previous command, run the following command to remove all but one of the security groups:
aws ec2 modify-instance-attribute --instance-id <instance-id> --groups <security-group-id>

Replace <instance-id> with the ID of the EC2 instance and <security-group-id> with the ID of the security group that you want to keep.

  1. Repeat step 3 for all the EC2 instances returned by the first command.

  2. Finally, run the first command again to verify that all the EC2 instances now have only one security group assigned to them.

That’s it! You have successfully remediated the issue of EC2 instances with multiple security groups in AWS using AWS CLI.

Using Python

To remediate EC2 instances with multiple security groups in AWS using Python, follow these steps:

Step 1: Import the Boto3 library

import boto3

Step 2: Create an EC2 client object

ec2 = boto3.client('ec2')

Step 3: Get a list of all EC2 instances

instances = ec2.describe_instances()

Step 4: Loop through the instances and check if they have multiple security groups

for reservation in instances['Reservations']:
    for instance in reservation['Instances']:
        if len(instance['SecurityGroups']) > 1:
            instance_id = instance['InstanceId']
            security_group_ids = [sg['GroupId'] for sg in instance['SecurityGroups']]

Step 5: Remove the extra security groups from the instance

ec2.modify_instance_attribute(InstanceId=instance_id, Groups=security_group_ids[:1])

This will remove all the extra security groups from the instance and leave only the first security group in the list. You can run this script periodically to ensure that all your EC2 instances have only one security group assigned to them.

Additional Reading: