Ensure default security groups are not in use by VPC Endpoints

Security & Compliance

When creating VPC Endpoints in AWS, it is important to ensure that the default security groups are not used, as they allow unrestricted inbound access from within the VPC. This can lead to security risks, as any resources attached to these endpoints may be vulnerable to malicious traffic. Instead, it is recommended to create new security groups with specific rules tailored to the needs of each VPC Endpoint. This helps to ensure that only authorized traffic is allowed and that security risks are minimized.


Here are the remediation steps for ensuring default security groups are not in use by VPC Endpoints:

  1. Go to the Amazon VPC Console.
  2. Navigate to the "Endpoints" page and select the endpoint that is using the default security group.
  3. Click on the "Actions" dropdown menu and select "Modify Network Interface".
  4. In the "Security groups" section, remove the default security group and add a custom security group with the appropriate inbound and outbound rules.
  5. Click on "Save changes".

Repeat these steps for any other VPC Endpoints that are using the default security group. It is recommended to create a custom security group with specific rules that meet your organization's security requirements rather than using the default security group.

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.