More Info:

EC2 security groups prefixed with launch-wizard should not be in use in order to follow AWS security best practices.

Risk Level

Low

Address

Security

Compliance Standards

CBP

Triage and Remediation

Remediation

Using Console

Here are the step by step instructions to remediate the “Security Group Name Prefixed With launch-wizard Should Not Be Used” misconfiguration in AWS using the AWS console:
  1. Log in to the AWS Management Console.
  2. Go to the EC2 Dashboard.
  3. Click on the “Security Groups” option in the left-hand menu.
  4. Identify the security group(s) that have a name prefixed with “launch-wizard”.
  5. Select the security group(s) that need to be remediated.
  6. Click on the “Actions” button, and then select “Edit Group Name”.
  7. Rename the security group(s) to a more descriptive and meaningful name that does not include the “launch-wizard” prefix.
  8. Click on the “Save” button to save the changes.
Once you have completed these steps, the security group(s) will no longer have a name prefixed with “launch-wizard”, and the misconfiguration will be remediated.

To remediate the misconfiguration “Security Group Name Prefixed With launch-wizard Should Not Be Used” for AWS using AWS CLI, follow these steps:
  1. Open the AWS CLI on your local machine or on the AWS EC2 instance.
  2. Run the following command to list all the security groups in your account: 
    aws ec2 describe-security-groups
  3. Identify the security group that has a name prefixed with “launch-wizard”.
  4. Run the following command to rename the security group: 
    aws ec2 update-security-group-name --group-id <security-group-id> --group-name <new-security-group-name>
    Replace <security-group-id> with the ID of the security group that you want to rename, and <new-security-group-name> with a new name for the security group that does not have “launch-wizard” prefix. For example: 
    aws ec2 update-security-group-name --group-id sg-0123456789abcdef0 --group-name my-security-group
  5. Verify that the security group has been renamed successfully by running the following command: 
    aws ec2 describe-security-groups --group-ids <security-group-id>
    Replace <security-group-id> with the ID of the security group that you have renamed. The output should show the new name of the security group.
To remediate the security group name prefixed with launch-wizard in AWS using Python, you can follow the below steps:
  1. Import the required modules:
import boto3
  1. Connect to the AWS account:
client = boto3.client('ec2')
  1. Get all the security groups:
response = client.describe_security_groups()
  1. Loop through all the security groups and check if the name is prefixed with launch-wizard:
for sg in response['SecurityGroups']:
    if sg['GroupName'].startswith('launch-wizard'):
        # Delete the security group
        client.delete_security_group(GroupId=sg['GroupId'])
  1. The above code will delete all the security groups that have a name prefixed with launch-wizard. If you want to rename the security group, you can use the below code:
for sg in response['SecurityGroups']:
    if sg['GroupName'].startswith('launch-wizard'):
        new_name = sg['GroupName'].replace('launch-wizard', 'new-name')
        # Rename the security group
        client.update_security_group_name_description(GroupId=sg['GroupId'], GroupName=new_name, Description='New Description')
  1. The above code will rename all the security groups that have a name prefixed with launch-wizard to new-name. You can also update the description of the security group as per your requirement.
Note: Before deleting or renaming the security group, make sure that it is not being used by any instances or services.

Additional Reading: