Security Group Ingress or Egress Rules Modified

Overview

This detector reports when the ingress or egress rules for a Security Group change. A unique issue will be created for each security group that changes.

Security Groups allow you to permit network access to and from a variety of AWS services based on network protocols, port numbers, and IP address ranges. Security Groups are used by services that support VPCs, including EC2, RDS, ECS, EKS, ElastiCache, Redshift, and more.

The following CloudTrail events can trigger this detector:

  • Adding a rule that permits inbound access (CloudTrail event: 'AuthorizeSecurityGroupIngress')
  • Removing a rule that permits inbound access (CloudTrail event: 'RevokeSecurityGroupIngress')
  • Adding a rule that permits outbound access (CloudTrail event: 'AuthorizeSecurityGroupEgress')
  • Removing a rule that permits outbound access (CloudTrail event: 'RevokeSecurityGroupEgress')

Issues are automatically resolved after a configurable period of time (default: 120 minutes), so further changes after that time result in a new issue.
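The detector logic described above, written out as an added illustration (this is not the vendor's own implementation): it filters CloudTrail records down to the four trigger events, opens one issue per security group, and starts a fresh issue once a change falls outside the resolve window. The sample records and the security group IDs in them are constructed, and the window is assumed to be measured from the moment the issue was opened.

```python
from datetime import datetime, timedelta

# The four CloudTrail event names the page lists as triggers for this detector.
TRIGGER_EVENTS = {
    "AuthorizeSecurityGroupIngress", "RevokeSecurityGroupIngress",
    "AuthorizeSecurityGroupEgress", "RevokeSecurityGroupEgress",
}

# Constructed sample records (not real CloudTrail output); only the fields the
# logic below reads are included, and the security group IDs are placeholders.
SAMPLE_EVENTS = [
    {"eventTime": "2024-01-01T10:00:00Z", "eventName": "AuthorizeSecurityGroupIngress",
     "requestParameters": {"groupId": "sg-0aaaaaaaaaaaaaaaa"}},
    {"eventTime": "2024-01-01T10:05:00Z", "eventName": "AuthorizeSecurityGroupEgress",
     "requestParameters": {"groupId": "sg-0bbbbbbbbbbbbbbbb"}},
    {"eventTime": "2024-01-01T10:20:00Z", "eventName": "DescribeSecurityGroups",
     "requestParameters": {"groupId": "sg-0aaaaaaaaaaaaaaaa"}},  # read-only, ignored
    {"eventTime": "2024-01-01T10:30:00Z", "eventName": "RevokeSecurityGroupIngress",
     "requestParameters": {"groupId": "sg-0aaaaaaaaaaaaaaaa"}},
    {"eventTime": "2024-01-01T13:00:00Z", "eventName": "AuthorizeSecurityGroupIngress",
     "requestParameters": {"groupId": "sg-0aaaaaaaaaaaaaaaa"}},
]

def detect(events, resolve_after=timedelta(minutes=120)):
    """Return the issues this detector would open, in order of opening.

    One issue stays open per security group: further rule changes within
    resolve_after of the issue opening are attached to it, and a change after
    that window opens a new issue (assumed: window measured from opening).
    """
    issues = []
    open_issue = {}  # groupId -> the currently open issue for that group
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        if ev.get("eventName") not in TRIGGER_EVENTS:
            continue  # e.g. Describe* calls do not change any rules
        sg = (ev.get("requestParameters") or {}).get("groupId")
        if sg is None:
            continue
        # CloudTrail eventTime is UTC, e.g. 2024-01-01T10:00:00Z
        when = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        current = open_issue.get(sg)
        if current and when - current["opened"] <= resolve_after:
            current["events"].append(ev["eventName"])
            continue
        issue = {"groupId": sg, "opened": when, "events": [ev["eventName"]]}
        issues.append(issue)
        open_issue[sg] = issue
    return issues
```

Running `detect(SAMPLE_EVENTS)` on the sample above yields three issues: the two changes to the first group at 10:00 and 10:30 share one issue, the second group gets its own, and the 13:00 change opens a new issue because it falls outside the 120-minute window.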

Vendor

AWS

Severity

4