AWS-SecurityGroup-Security-Group-Ingress-Filtering-Missing

Severity : High

Description: This controls ensures that security groups are configured with ingress rules to allows traffic from specific sources and does not have empty ingress rule table. Security groups provide stateful filtering ingress/egress network traffic to AWS resources. It is recommended that no security group allows unrestricted ingress. By default, new security groups start with only an outbound rule that allows all traffic to leave the instances. You must add rules to enable any inbound traffic. 

Remediation Steps:

Perform following to update DocumentDB master user name:

1. Login to the AWS Management Console at https://console.aws.amazon.com.

2. Navigate to VPC console.

3. In the left pane, click Security Groups.

4. Select the security group reported.

5. Choose Actions, Edit inbound rules.

6. For each rule, choose Add rule and configure required information

   1. In Type, choose the type of protocol to allow.

   2. in  Source, configure one of the custom IP/CIDR, another security Group etc.

7. Choose Preview changes, Save rules.

Important:

Reference:

• What is Amazon EC2? - Amazon Elastic Compute Cloud