AWS EC2 SecurityGroup Modified

This rule monitors for changes to EC2 SecurityGroups.

SecurityGroups limit the flow of traffic within your AWS environment. Changes to SecurityGroup configurations should be closely monitored to ensure that inappropriate or insecure access is not being introduced.

Remediation

If this change was not planned, revert it and investigate the source of the change. Consider modifying permissions to ensure unplanned changes cannot happen again in the future.

References

• CIS AWS Benchmark 3.10: "Ensure a log metric filter and alarm exist for security group changes"