Triage and Remediation
Remediation
Using Console
To remediate the “Unrestricted ICMP Access Should Not Be Allowed” misconfiguration in AWS using the AWS console, follow these steps:
- Log in to the AWS Management Console and navigate to the EC2 Dashboard.
- Click on the “Security Groups” option from the left-hand menu.
- Select the security group that has unrestricted ICMP access.
- Click on the “Inbound Rules” tab.
- Locate the rule that allows all ICMP traffic (Protocol: ICMP, Port Range: All).
- Click on the “Edit” button for that rule.
- Change the “Source” field to the specific IP range or security group that actually requires ICMP access. If only your own current IP address needs ICMP access, you can select the “My IP” option.
- Click on the “Save” button to apply the changes.
Using CLI
To remediate the unrestricted ICMP access issue in AWS using AWS CLI, follow these steps:
- Open the AWS CLI or AWS Management Console.
- Identify the security group that has unrestricted ICMP access. You can use the following command to list all the security groups in your AWS account:
- Once you have identified the security group, use the following command to revoke the ICMP access rule:
Replace <security-group-id> with the ID of the security group that has unrestricted ICMP access.
- Verify that the ICMP access rule has been revoked by running the following command:
This should return the details of the security group, which should no longer have the ICMP access rule.
- Repeat the above steps for all the security groups that have unrestricted ICMP access.
Using Python
To remediate the misconfiguration of unrestricted ICMP access in AWS using Python, you can follow these steps:
- Identify the security group(s) that allow unrestricted ICMP access.
- Use the AWS SDK for Python (Boto3) to modify the security group(s) and remove the rule that allows unrestricted ICMP access.
Note: Replace the security_group_ids with the actual security group IDs that allow unrestricted ICMP access.
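As an added example (not code from the original page), the revoke step that both the CLI and Python procedures above describe, done with Boto3: find_unrestricted_icmp picks the ICMP entries open to 0.0.0.0/0 or ::/0 out of a describe-security-groups result, trimmed so that only those sources are revoked and narrower sources on the same rule survive, and revoke_unrestricted_icmp applies that to a live group. The function names, the region parameter and the sample group are assumptions; boto3 is only needed for the live call.

```python
from typing import Any

ANY_V4, ANY_V6 = "0.0.0.0/0", "::/0"
ICMP_PROTOCOLS = {"icmp", "icmpv6"}  # an all-traffic ("-1") rule also admits ICMP but is a broader finding

def find_unrestricted_icmp(security_group: dict[str, Any]) -> list[dict[str, Any]]:
    """Return inbound ICMP entries open to any address, trimmed to the open ranges only,
    so they can go straight to revoke_security_group_ingress without dropping narrower sources."""
    offenders = []
    for perm in security_group.get("IpPermissions", []):
        if str(perm.get("IpProtocol", "")).lower() not in ICMP_PROTOCOLS:
            continue
        v4 = [r for r in perm.get("IpRanges", []) if r.get("CidrIp") == ANY_V4]
        v6 = [r for r in perm.get("Ipv6Ranges", []) if r.get("CidrIpv6") == ANY_V6]
        if not (v4 or v6):
            continue
        # FromPort/ToPort hold the ICMP type/code (-1 = all); keep them so the revoke matches exactly
        entry = {"IpProtocol": perm["IpProtocol"], **{k: perm[k] for k in ("FromPort", "ToPort") if k in perm}}
        if v4:
            entry["IpRanges"] = v4
        if v6:
            entry["Ipv6Ranges"] = v6
        offenders.append(entry)
    return offenders

def revoke_unrestricted_icmp(group_id: str, region: str, dry_run: bool = True) -> list[dict[str, Any]]:
    """Fetch one group, revoke its open ICMP entries, return what was revoked. Needs AWS
    credentials; with dry_run=True EC2 only validates the call (DryRunOperation), nothing changes."""
    import boto3  # imported here so the pure logic above stays importable offline
    from botocore.exceptions import ClientError
    ec2 = boto3.client("ec2", region_name=region)
    sg = ec2.describe_security_groups(GroupIds=[group_id])["SecurityGroups"][0]
    offenders = find_unrestricted_icmp(sg)
    if offenders:
        try:
            ec2.revoke_security_group_ingress(GroupId=group_id, IpPermissions=offenders, DryRun=dry_run)
        except ClientError as err:
            if err.response["Error"]["Code"] != "DryRunOperation":
                raise
    return offenders

# Constructed sample in the shape describe-security-groups returns (not a real group)
SAMPLE_SG = {"GroupId": "sg-0123456789abcdef0", "IpPermissions": [
    {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "icmpv6", "FromPort": -1, "ToPort": -1, "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
]}
```

Run find_unrestricted_icmp(SAMPLE_SG) to see the two entries that would be revoked; the 10.0.0.0/8 source and the TCP 443 rule are left untouched, and a real run can be rehearsed first with dry_run=True.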