What are AWS Security Groups?

In AWS, security groups act as a virtual firewall that regulates inbound and outbound traffic for service instances. Unlike traditional firewalls, however, security groups only let you create permissive (allow) rules; there is no way to write an explicit deny rule. This means that if no rules are set for an instance, all inbound and outbound traffic is blocked.

AWS Security Groups Configuration Best Practices

As with any AWS service, it is crucial that security groups are properly configured to protect against security risks and threats, and that the following best practices are followed:

1) VPC flow logging: Enable Virtual Private Cloud (VPC) flow logging. VPC flow logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic and provide insight during security investigations. Flow logging is one of AWS's network monitoring services; enabling it lets you detect security and access issues such as overly permissive security groups, and alert on anomalous activity such as rejected connection requests or unusual volumes of data transfer.

2) EC2: Ensure that EC2 security groups don't have large ranges of ports open. With large port ranges open, vulnerabilities could be exposed: an attacker can scan the open ports and identify vulnerabilities in hosted applications, and the wide range makes such probing harder to trace.

3) RDS: Restrict access to RDS instances. When the VPC security groups associated with an RDS instance allow unrestricted access (i.e. source set to 0.0.0.0/0), any entity on the internet can establish a connection to your database. This increases the risk of malicious activity such as brute-force attacks, SQL injection, or DoS attacks.

4) Redshift: Restrict access to Redshift clusters. When Redshift clusters are publicly accessible, any entity on the internet can establish a connection to your databases. This increases the risk of malicious activity such as brute-force attacks, SQL injection, or DoS attacks.

5) Discrete security groups: Minimize the number of discrete security groups to decrease the risk of misconfiguration leading to account compromise.
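The checks behind items 2 and 3 above (large open port ranges, and sources set to 0.0.0.0/0) can be automated. The following is an added example, not code from the original article or from AWS: it audits security group descriptions in the shape returned by boto3's `ec2.describe_security_groups()` (`GroupId`, `IpPermissions` with `IpProtocol`, `FromPort`, `ToPort`, `IpRanges`). The group IDs, the sample rules and the 100-port threshold are constructed assumptions for this example.

```python
# Added example: audit security group rules for overly permissive settings.
# Input mimics boto3 ec2.describe_security_groups() output; the sample
# groups below are constructed for this example, not real accounts.

WORLD_SOURCES = {"0.0.0.0/0", "::/0"}   # "anywhere" in IPv4 / IPv6
WIDE_RANGE_THRESHOLD = 100              # assumption: >100 ports is "large"


def _rule_sources(perm):
    """Yield every CIDR source on one IpPermissions entry (IPv4 and IPv6)."""
    for r in perm.get("IpRanges", []):
        yield r.get("CidrIp")
    for r in perm.get("Ipv6Ranges", []):
        yield r.get("CidrIpv6")


def audit_security_group(group):
    """Return (group_id, finding, detail) tuples for one security group."""
    findings = []
    gid = group["GroupId"]
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":                      # all protocols, all ports
            span, ports = 65536, "all"
        elif proto in ("icmp", "icmpv6"):      # From/ToPort are type/code
            span, ports = 0, "n/a"
        else:
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            span, ports = hi - lo + 1, (f"{lo}-{hi}" if lo != hi else str(lo))
        if span > WIDE_RANGE_THRESHOLD:
            findings.append((gid, "wide-port-range", f"{proto}:{ports} ({span} ports)"))
        for src in _rule_sources(perm):
            if src in WORLD_SOURCES:
                findings.append((gid, "open-to-world", f"{proto}:{ports} from {src}"))
    return findings


def audit_all(groups):
    """Flatten findings across a list of security groups."""
    return [f for g in groups for f in audit_security_group(g)]


# Constructed sample: an RDS group open to the world, an app group with a
# huge port range, and a correctly scoped group with no findings.
SAMPLE_GROUPS = [
    {"GroupId": "sg-db0000001", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-app000001", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 1024, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupId": "sg-ok0000001", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
]

if __name__ == "__main__":
    for finding in audit_all(SAMPLE_GROUPS):
        print(*finding)
```

Point `audit_all` at the `SecurityGroups` list from a real `describe_security_groups()` call to run the same checks against an account.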