AWS Introduction
AWS Pricing
AWS Threats
AWS Misconfigurations
- Getting Started with AWS Audit
- Permissions required for Misconfigurations Detection
- API Gateway Audit
- Cloudformation Audit
- CloudFront Audit
- CloudTrail Audit
- Cloudwatch Audit
- DynamoDB Audit
- EC2 Audit
- Elastic Search Audit
- ELB Audit
- IAM Audit
- KMS Audit
- Kubernetes Audit
- Lambda Audit
- RDS Audit
- Redshift Audit
- Route53 Audit
- S3 Audit
- Security Groups Audit
- SES Audit
- SNS Audit
- IAM Deep Dive
- App Sync Audit
- Code Build Audit
- Open Search Audit
- Shield Audit
- SQS Audit
Security Group Name Prefixed With launch-wizard Should Not Be Used
More Info:
EC2 security groups prefixed with launch-wizard should not be in use in order to follow AWS security best practices.
Risk Level
Low
Address
Security
Compliance Standards
CBP
Triage and Remediation
Remediation
Here are the step by step instructions to remediate the “Security Group Name Prefixed With launch-wizard Should Not Be Used” misconfiguration in AWS using the AWS console:
- Log in to the AWS Management Console.
- Go to the EC2 Dashboard.
- Click on the “Security Groups” option in the left-hand menu.
- Identify the security group(s) that have a name prefixed with “launch-wizard”.
- Select the security group(s) that need to be remediated.
- Click on the “Actions” button, and then select “Edit Group Name”.
- Rename the security group(s) to a more descriptive and meaningful name that does not include the “launch-wizard” prefix.
- Click on the “Save” button to save the changes.
Once you have completed these steps, the security group(s) will no longer have a name prefixed with “launch-wizard”, and the misconfiguration will be remediated.
To remediate the misconfiguration “Security Group Name Prefixed With launch-wizard Should Not Be Used” for AWS using AWS CLI, follow these steps:
-
Open the AWS CLI on your local machine or on the AWS EC2 instance.
-
Run the following command to list all the security groups in your account:
aws ec2 describe-security-groups -
Identify the security group that has a name prefixed with “launch-wizard”.
-
Run the following command to rename the security group:
aws ec2 update-security-group-name --group-id <security-group-id> --group-name <new-security-group-name>Replace
<security-group-id>with the ID of the security group that you want to rename, and<new-security-group-name>with a new name for the security group that does not have “launch-wizard” prefix.For example:
aws ec2 update-security-group-name --group-id sg-0123456789abcdef0 --group-name my-security-group -
Verify that the security group has been renamed successfully by running the following command:
aws ec2 describe-security-groups --group-ids <security-group-id>Replace
<security-group-id>with the ID of the security group that you have renamed.The output should show the new name of the security group.
To remediate the security group name prefixed with launch-wizard in AWS using Python, you can follow the below steps:
- Import the required modules:
import boto3
- Connect to the AWS account:
client = boto3.client('ec2')
- Get all the security groups:
response = client.describe_security_groups()
- Loop through all the security groups and check if the name is prefixed with
launch-wizard:
for sg in response['SecurityGroups']:
if sg['GroupName'].startswith('launch-wizard'):
# Delete the security group
client.delete_security_group(GroupId=sg['GroupId'])
- The above code will delete all the security groups that have a name prefixed with
launch-wizard. If you want to rename the security group, you can use the below code:
for sg in response['SecurityGroups']:
if sg['GroupName'].startswith('launch-wizard'):
new_name = sg['GroupName'].replace('launch-wizard', 'new-name')
# Rename the security group
client.update_security_group_name_description(GroupId=sg['GroupId'], GroupName=new_name, Description='New Description')
- The above code will rename all the security groups that have a name prefixed with
launch-wizardtonew-name. You can also update the description of the security group as per your requirement.
Note: Before deleting or renaming the security group, make sure that it is not being used by any instances or services.