Security Group Name Prefixed With launch-wizard Should Not Be Used

More Info:

EC2 security groups prefixed with launch-wizard should not be in use in order to follow AWS security best practices.

Risk Level

Low

Address

Security

Compliance Standards

CBP

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the misconfiguration “Security Group Name Prefixed With launch-wizard Should Not Be Used” for AWS using AWS CLI, follow these steps:

Open the AWS CLI on your local machine or on the AWS EC2 instance.
Run the following command to list all the security groups in your account:
```
aws ec2 describe-security-groups
```
Identify the security group that has a name prefixed with “launch-wizard”.
Run the following command to rename the security group:
```
aws ec2 update-security-group-name --group-id <security-group-id> --group-name <new-security-group-name>
```
Replace <security-group-id> with the ID of the security group that you want to rename, and <new-security-group-name> with a new name for the security group that does not have “launch-wizard” prefix. For example:
```
aws ec2 update-security-group-name --group-id sg-0123456789abcdef0 --group-name my-security-group
```
Verify that the security group has been renamed successfully by running the following command:
```
aws ec2 describe-security-groups --group-ids <security-group-id>
```
Replace <security-group-id> with the ID of the security group that you have renamed. The output should show the new name of the security group.

Using Python

To remediate the security group name prefixed with launch-wizard in AWS using Python, you can follow the below steps:

Import the required modules:

import boto3

Connect to the AWS account:

client = boto3.client('ec2')

Get all the security groups:

response = client.describe_security_groups()

Loop through all the security groups and check if the name is prefixed with launch-wizard:

for sg in response['SecurityGroups']:
    if sg['GroupName'].startswith('launch-wizard'):
        # Delete the security group
        client.delete_security_group(GroupId=sg['GroupId'])

The above code will delete all the security groups that have a name prefixed with launch-wizard. If you want to rename the security group, you can use the below code:

for sg in response['SecurityGroups']:
    if sg['GroupName'].startswith('launch-wizard'):
        new_name = sg['GroupName'].replace('launch-wizard', 'new-name')
        # Rename the security group
        client.update_security_group_name_description(GroupId=sg['GroupId'], GroupName=new_name, Description='New Description')

The above code will rename all the security groups that have a name prefixed with launch-wizard to new-name. You can also update the description of the security group as per your requirement.

Note: Before deleting or renaming the security group, make sure that it is not being used by any instances or services.

Additional Reading:

https://docs.aws.amazon.com/launchwizard/latest/userguide/launch-wizard-sap-security-groups.html

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

Security Group Name Prefixed With launch-wizard Should Not Be Used

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: