Instances Security Groups

This bot identifies all instances that are associated with user-provided Security Groups. By carefully tracking more permissive Security Groups and receiving alerts when instances are created or modified into them, you are able to maintain more control over access to instances. This bot supports Amazon Web Services (AWS) and OpenStack.

Recommended Action

Confirm with the instance owner that the instance should be in the more permissive Security Group. Or, for example, use to examine the instance tags for a key pair indicating the instance should be in the more permissive Security Group and, if the key pair is not there, automatically stop the instance and send alerts.

Severity

High

Resource Types Inspected

Instance Database Instance Memcache Instance Big Data Instance

Reactive Hookpoints

resource.created resource.modified