Publicly accessible EC2 instance should not have open administrative ports

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Description

This rule verifies that publicly accessible EC2 instances don’t have opened administrative ports.

Rationale

An EC2 instance is publicly accessible if it exists within infrastructure that could provide an access route from the internet for an attacker.

An EC2 instance with an open administrative port is considered risky.

Remediation

You can use the AWS Reachability Analyzer to identify the path to your EC2 instance that is allowing it to be accessed via the internet. We recommend the following:

  • Do not open your instance security group to the Internet.
  • Do not assign your instance a public IP, this ensures that it is only accessible from within the VPC.

EC2 instances typically do not require an open administrative port. We recommend limiting the open ports attached to the instance.

References

PREVIEWING: alai97/reorganize-some-sections-in-dora-metrics