More Info:

Checks if EC2 instances have several Security Groups attached. Ideally there should be just 1 security group attach to an EC2 instance.

Risk Level

Medium

Address

Security

Compliance Standards

CBP

Triage and Remediation

Remediation

Using Console

Additional Reading: