Security groups should not have all ports or protocols open to the public. Security groups should be created on a per-service basis and avoid allowing all ports or protocols.
To remediate the issue of ports being open for external traffic in AWS Security Groups using AWS CLI, follow these steps:
Identify the security group that has the open port for external traffic. You can use the following AWS CLI command to list all security groups in your AWS account:
```bash
aws ec2 describe-security-groups
```
Once you have identified the security group that needs to be remediated, note down the Group ID of the security group.
Use the following AWS CLI command to revoke the ingress rule that allows external traffic to the port in the security group. Replace <group-id> and <ip-permission-id> with the actual values:
Repeat the above steps for any other security groups that have open ports for external traffic.
By following the above steps, you can successfully remediate the issue of ports being open for external traffic in AWS Security Groups using AWS CLI.
Using Python
To remediate the issue of ports being open for external traffic in AWS Security Groups using Python, you can use the AWS SDK for Python (Boto3) to update the security group rules. Here are the step-by-step instructions to remediate this issue:
Install the Boto3 library if you haven’t already:
```bash
pip install boto3
```
Use the following Python script to identify and close the open ports in the security groups:
```python
import boto3

# Initialize the EC2 client
ec2 = boto3.client('ec2')

# Define the security group ID that you want to remediate
security_group_id = 'YOUR_SECURITY_GROUP_ID'

# Describe the current inbound rules of the security group
response = ec2.describe_security_groups(GroupIds=[security_group_id])

# Iterate over each inbound rule and revoke only the sources that are open to the public
for rule in response['SecurityGroups'][0]['IpPermissions']:
    # Keep just the IPv4/IPv6 ranges that allow traffic from anywhere
    open_v4 = [r for r in rule.get('IpRanges', []) if r.get('CidrIp') == '0.0.0.0/0']
    open_v6 = [r for r in rule.get('Ipv6Ranges', []) if r.get('CidrIpv6') == '::/0']
    if not open_v4 and not open_v6:
        continue  # nothing public in this rule; leave it untouched

    # Rebuild the permission with only the public ranges, so that other
    # (non-public) sources sharing the same port range stay in place
    permission = {'IpProtocol': rule['IpProtocol']}
    if 'FromPort' in rule and 'ToPort' in rule:  # absent when IpProtocol is '-1' (all traffic)
        permission['FromPort'] = rule['FromPort']
        permission['ToPort'] = rule['ToPort']
    if open_v4:
        permission['IpRanges'] = open_v4
    if open_v6:
        permission['Ipv6Ranges'] = open_v6

    ec2.revoke_security_group_ingress(GroupId=security_group_id, IpPermissions=[permission])

print("Security group remediated successfully.")
```
Replace 'YOUR_SECURITY_GROUP_ID' with the actual ID of the security group that you want to remediate.
Run the Python script. It will iterate over each inbound rule in the specified security group and revoke the open ports for external traffic.
By following these steps, you can remediate the issue of open ports for external traffic in AWS Security Groups using Python and the Boto3 library.
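Both procedures above start with identifying which security groups actually expose ports to the public. The following added example (not part of the original page) does that filtering offline on the data structure that `aws ec2 describe-security-groups` and boto3 return, reporting every ingress entry whose source is `0.0.0.0/0` or `::/0`; the sample response and group IDs are constructed.

```python
PUBLIC_V4 = '0.0.0.0/0'
PUBLIC_V6 = '::/0'


def describe_ports(rule):
    """Render a rule's protocol/port range as text, e.g. 'tcp 22' or 'udp 1024-65535'."""
    proto = rule.get('IpProtocol')
    if proto == '-1':
        return 'all protocols/ports'
    lo, hi = rule.get('FromPort'), rule.get('ToPort')
    if lo is None or lo == -1:  # e.g. icmp with all types
        return f'{proto} all ports'
    return f'{proto} {lo}' if lo == hi else f'{proto} {lo}-{hi}'


def find_public_ingress(security_groups):
    """Return (group_id, port description, cidr) for each ingress entry open to the world."""
    findings = []
    for sg in security_groups:
        for rule in sg.get('IpPermissions', []):
            cidrs = [r['CidrIp'] for r in rule.get('IpRanges', []) if r.get('CidrIp') == PUBLIC_V4]
            cidrs += [r['CidrIpv6'] for r in rule.get('Ipv6Ranges', []) if r.get('CidrIpv6') == PUBLIC_V6]
            for cidr in cidrs:
                findings.append((sg['GroupId'], describe_ports(rule), cidr))
    return findings


# Constructed sample in the shape of the describe-security-groups response
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0123456789example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},  # internal only, not reported
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
    {"GroupId": "sg-0fedcba987example", "IpPermissions": [
        {"IpProtocol": "udp", "FromPort": 1024, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
]}

if __name__ == '__main__':
    for group_id, ports, cidr in find_public_ingress(SAMPLE['SecurityGroups']):
        print(f'{group_id}: {ports} open to {cidr}')
```

To run it against a real account, pass `ec2.describe_security_groups()['SecurityGroups']` (or a JSON file saved from the CLI) to `find_public_ingress` instead of `SAMPLE`.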