Network Firewall Deletion Protection Should Be Enabled

More Info:

Ensure deletion protection is enabled for network firewall rules

Risk Level

High

Address

Security

Compliance Standards

CBP,SEBI

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the misconfiguration of Network Firewall Deletion Protection not being enabled for AWS EC2 instances using AWS CLI, you can follow these steps:

List all the security groups associated with your EC2 instances to identify the security group that needs to have deletion protection enabled:

aws ec2 describe-instances --query 'Reservations[*].Instances[*].SecurityGroups[*].[GroupId,GroupName]'

Enable deletion protection for the identified security group using the following command. Replace <security-group-id> with the actual Security Group ID:

aws ec2 modify-security-group-rules --group-id <security-group-id> --no-delete-on-revoke

Verify that deletion protection has been enabled for the security group by describing the security group attributes:

aws ec2 describe-security-groups --group-ids <security-group-id> --query 'SecurityGroups[*].{GroupName:GroupName,DeletionProtection:DeletionProtection}'

By following these steps, you can remediate the misconfiguration of Network Firewall Deletion Protection not being enabled for AWS EC2 instances using AWS CLI.

Using Python

To remediate the misconfiguration of Network Firewall Deletion Protection not being enabled for AWS EC2 instances using Python, you can use the Boto3 library, which is the AWS SDK for Python. Here are the step-by-step instructions to enable deletion protection for network firewalls associated with EC2 instances:

Install Boto3 library: Ensure you have the Boto3 library installed. You can install it using pip:
```
pip install boto3
```

Write a Python script to enable deletion protection for network firewalls: Create a Python script (e.g., enable_firewall_deletion_protection.py) with the following code:

import boto3

# Initialize the EC2 client
ec2_client = boto3.client('ec2')

# Get all the network interfaces associated with EC2 instances
response = ec2_client.describe_instances()
for reservation in response['Reservations']:
    for instance in reservation['Instances']:
        for interface in instance['NetworkInterfaces']:
            # Get the network interface ID
            network_interface_id = interface['NetworkInterfaceId']
            
            # Enable deletion protection for the network interface
            ec2_client.modify_network_interface_attribute(
                NetworkInterfaceId=network_interface_id,
                DeletionProtection={'Value': True}
            )
            print(f"Deletion protection enabled for network interface {network_interface_id}")

Configure AWS credentials: Ensure that your AWS credentials are configured either through environment variables, AWS CLI configuration, or IAM roles.
Run the Python script: Execute the Python script using the following command:
```
python enable_firewall_deletion_protection.py
```

By following these steps, you can use Python and Boto3 to enable deletion protection for network firewalls associated with EC2 instances in AWS, thereby remediating the misconfiguration.

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

Network Firewall Deletion Protection Should Be Enabled

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation