Instances Security Groups
This bot identifies all instances that are associated with user-provided Security Groups. By tracking the more permissive Security Groups and receiving alerts when instances are created in them or modified to join them, you maintain tighter control over access to instances. This bot supports Amazon Web Services (AWS) and OpenStack.
Recommended Action
Confirm with the instance owner that the instance should be in the more permissive Security Group. Or, for example, use to examine the instance tags for a key pair indicating the instance should be in the more permissive Security Group and, if the key pair is not there, automatically stop the instance and send alerts.
Severity
High
Resource Types Inspected
Instance, Database Instance, Memcache Instance, Big Data Instance
Reactive Hookpoints
resource.created, resource.modified
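The check and the recommended action described above, as an added example that is not the bot's own code: it evaluates a constructed AWS EC2 DescribeInstances-shaped response against a list of watched Security Groups. The group IDs, the approval tag key and value (reading the page's "key pair" as a tag key/value pair), and the action names are assumptions.

```python
# Added example: decide what to do with instances that sit in watched Security Groups.
WATCHED_GROUPS = {"sg-0aaa1111bbbb2222c"}          # constructed ID of a permissive group
APPROVAL_TAG = ("permissive-sg-approved", "true")  # hypothetical tag key/value

def iter_instances(describe_response):
    """Yield instance dicts from a DescribeInstances-shaped response."""
    for reservation in describe_response.get("Reservations", []):
        yield from reservation.get("Instances", [])

def evaluate(instance, watched=WATCHED_GROUPS, approval=APPROVAL_TAG):
    """Return (action, matched_group_ids); action is "ignore" (no watched group),
    "allow" (approval tag present) or "stop_and_alert" (watched group, no tag)."""
    groups = {g["GroupId"] for g in instance.get("SecurityGroups", [])}
    # Instances with several network interfaces can carry groups per interface.
    for nic in instance.get("NetworkInterfaces", []):
        groups |= {g["GroupId"] for g in nic.get("Groups", [])}
    matched = sorted(groups & set(watched))
    if not matched:
        return "ignore", matched
    tags = {t["Key"]: t["Value"] for t in instance.get("Tags", [])}
    key, value = approval
    # Compare the value case-insensitively; a missing tag never approves.
    if tags.get(key, "").strip().lower() == value:
        return "allow", matched
    return "stop_and_alert", matched

def findings(describe_response):
    """Map instance ID -> (action, matched groups), skipping ignored instances."""
    out = {}
    for inst in iter_instances(describe_response):
        action, matched = evaluate(inst)
        if action != "ignore":
            out[inst["InstanceId"]] = (action, matched)
    return out

# Constructed sample input.
SAMPLE = {"Reservations": [{"Instances": [
    {"InstanceId": "i-approved", "SecurityGroups": [{"GroupId": "sg-0aaa1111bbbb2222c"}],
     "Tags": [{"Key": "permissive-sg-approved", "Value": "True"}]},
    {"InstanceId": "i-untagged", "SecurityGroups": [{"GroupId": "sg-0aaa1111bbbb2222c"}]},
    {"InstanceId": "i-nic-only", "SecurityGroups": [],
     "NetworkInterfaces": [{"Groups": [{"GroupId": "sg-0aaa1111bbbb2222c"}]}], "Tags": []},
    {"InstanceId": "i-other", "SecurityGroups": [{"GroupId": "sg-0ddd3333eeee4444f"}]},
]}]}

if __name__ == "__main__":
    for instance_id, (action, groups) in findings(SAMPLE).items():
        print(instance_id, action, groups)
```

In a handler for resource.created or resource.modified, the "stop_and_alert" result is the point at which the instance would be stopped and the alert sent.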