AWS Introduction
AWS Pricing
AWS Threats
AWS Misconfigurations
- Getting Started with AWS Audit
- Permissions required for Misconfigurations Detection
- API Gateway Audit
- Cloudformation Audit
- CloudFront Audit
- CloudTrail Audit
- Cloudwatch Audit
- DynamoDB Audit
- EC2 Audit
- Elastic Search Audit
- ELB Audit
- IAM Audit
- KMS Audit
- Kubernetes Audit
- Lambda Audit
- RDS Audit
- Redshift Audit
- Route53 Audit
- S3 Audit
- Security Groups Audit
- SES Audit
- SNS Audit
- IAM Deep Dive
- App Sync Audit
- Code Build Audit
- Open Search Audit
- Shield Audit
- SQS Audit
Network Firewall Deletion Protection Should Be Enabled
More Info:
Ensure deletion protection is enabled for network firewall rules
Risk Level
High
Address
Security
Compliance Standards
CBP,SEBI
Triage and Remediation
Remediation
To remediate the issue of Network Firewall Deletion Protection not being enabled for AWS EC2 using the AWS console, follow these step-by-step instructions:
-
Login to AWS Console: Go to the AWS Management Console and login to your account.
-
Navigate to EC2 Service: Click on the “Services” dropdown menu at the top left corner and select “EC2” under the Compute section.
-
Select Security Groups: In the EC2 dashboard, click on the “Security Groups” option from the left-hand side menu.
-
Select the Security Group: Identify the security group that you want to enable deletion protection for and click on it to select it.
-
Enable Deletion Protection: In the security group details page, go to the “Actions” dropdown menu at the top and select “Edit inbound rules” or “Edit outbound rules” as per your requirement.
-
Enable Deletion Protection: In the Edit rules page, scroll down to the bottom and locate the “Delete Protection” option. Check the box next to “Protect against accidental deletion” to enable deletion protection for the security group.
-
Save Changes: After enabling deletion protection, click on the “Save rules” button to apply the changes.
By following these steps, you have successfully enabled deletion protection for the selected security group in AWS EC2 using the AWS console.
To remediate the misconfiguration of Network Firewall Deletion Protection not being enabled for AWS EC2 instances using AWS CLI, you can follow these steps:
- List all the security groups associated with your EC2 instances to identify the security group that needs to have deletion protection enabled:
aws ec2 describe-instances --query 'Reservations[*].Instances[*].SecurityGroups[*].[GroupId,GroupName]'
- Enable deletion protection for the identified security group using the following command. Replace
<security-group-id>with the actual Security Group ID:
aws ec2 modify-security-group-rules --group-id <security-group-id> --no-delete-on-revoke
- Verify that deletion protection has been enabled for the security group by describing the security group attributes:
aws ec2 describe-security-groups --group-ids <security-group-id> --query 'SecurityGroups[*].{GroupName:GroupName,DeletionProtection:DeletionProtection}'
By following these steps, you can remediate the misconfiguration of Network Firewall Deletion Protection not being enabled for AWS EC2 instances using AWS CLI.
To remediate the misconfiguration of Network Firewall Deletion Protection not being enabled for AWS EC2 instances using Python, you can use the Boto3 library, which is the AWS SDK for Python. Here are the step-by-step instructions to enable deletion protection for network firewalls associated with EC2 instances:
-
Install Boto3 library: Ensure you have the Boto3 library installed. You can install it using pip:
pip install boto3 -
Write a Python script to enable deletion protection for network firewalls: Create a Python script (e.g.,
enable_firewall_deletion_protection.py) with the following code:import boto3 # Initialize the EC2 client ec2_client = boto3.client('ec2') # Get all the network interfaces associated with EC2 instances response = ec2_client.describe_instances() for reservation in response['Reservations']: for instance in reservation['Instances']: for interface in instance['NetworkInterfaces']: # Get the network interface ID network_interface_id = interface['NetworkInterfaceId'] # Enable deletion protection for the network interface ec2_client.modify_network_interface_attribute( NetworkInterfaceId=network_interface_id, DeletionProtection={'Value': True} ) print(f"Deletion protection enabled for network interface {network_interface_id}") -
Configure AWS credentials: Ensure that your AWS credentials are configured either through environment variables, AWS CLI configuration, or IAM roles.
-
Run the Python script: Execute the Python script using the following command:
python enable_firewall_deletion_protection.py
By following these steps, you can use Python and Boto3 to enable deletion protection for network firewalls associated with EC2 instances in AWS, thereby remediating the misconfiguration.