Non-Default Security Groups Should Be Attached To Elastic Network Interface
More Info:
Ensure that security groups are attached to elastic network interfaceRisk Level
MediumAddress
Operational Maturity, Reliability, SecurityCompliance Standards
HITRUSTTriage and Remediation
Remediation
Using Console
Using Console
To remediate the misconfiguration “Non-Default Security Groups Should Be Attached To Elastic Network Interface” for AWS EC2 using the AWS Management Console, follow these step-by-step instructions:
- Sign in to the AWS Management Console: Go to https://aws.amazon.com/ and sign in to your AWS account.
- Navigate to EC2 Dashboard: Click on the “Services” dropdown menu at the top left corner, select “EC2” under the Compute section.
- Locate the Elastic Network Interface (ENI): In the EC2 Dashboard, click on “Network Interfaces” in the left-hand navigation pane to locate the relevant ENI that needs to be remediated.
- Identify the Security Group: Select the specific ENI that is associated with the non-default security group that needs to be attached.
- Modify the Security Group: Click on the “Actions” dropdown menu at the top, and select “Change Security Groups”.
- Select the Correct Security Group: In the “Change Security Groups” dialog box, select the correct security group(s) that you want to attach to the ENI. Ensure that you select at least one non-default security group.
- Apply the Changes: Click on the “Save” button to apply the changes and attach the selected security group(s) to the ENI.
- Verify the Configuration: After saving the changes, verify that the non-default security group has been successfully attached to the ENI by checking the details of the ENI.
Using CLI
Using CLI
To remediate the misconfiguration “Non-Default Security Groups Should Be Attached To Elastic Network Interface” for AWS EC2 using AWS CLI, follow these steps:Replace By following these steps, you can remediate the misconfiguration “Non-Default Security Groups Should Be Attached To Elastic Network Interface” for AWS EC2 using AWS CLI.
- List all the Elastic Network Interfaces (ENIs) in your AWS account:
- Identify the ENI that is not attached to a non-default security group and note down its ID.
- List all the security groups in your AWS account:
- Identify the non-default security group that you want to attach to the ENI and note down its ID.
- Attach the non-default security group to the ENI using the following command:
<ENI_ID> with the ID of the ENI and <Security_Group_ID> with the ID of the non-default security group.- Verify that the non-default security group has been successfully attached to the ENI:
Using Python
Using Python
To remediate the misconfiguration of non-default security groups not being attached to Elastic Network Interface (ENI) for AWS EC2 instances using Python, you can follow these steps:
- Install and configure the AWS SDK for Python (Boto3) on your local machine. You can install it using pip:
- Write a Python script to identify EC2 instances with non-default security groups attached to their ENIs. Here’s a sample script that accomplishes this:
- Run the Python script to identify instances with non-default security groups attached to their ENIs. The script will print out the instance IDs and ENI IDs for instances with non-default security groups attached.
-
To remediate the misconfiguration, you can uncomment the remediation steps in the script to attach the default security group to the ENI. This can be done using the
modify_network_interface_attributemethod in Boto3. - Run the script again to apply the remediation steps and ensure that all instances have default security groups attached to their ENIs.