To secure your ZooKeeper instances, limit access to TCP port 2181 to authorized entities only. Unrestricted inbound access to this port could lead to unauthorized access and compromise the confidentiality and integrity of your data.
To ensure that there is no unrestricted inbound access to TCP port 2181 (ZooKeeper), perform the following remediation steps:
1. Review the security group rules for the ZooKeeper instance to identify any rules that allow unrestricted inbound access to TCP port 2181.
2. Update the security group rules to restrict inbound access to TCP port 2181 to only the necessary IP addresses or security groups.
3. Verify that the security group rules have been updated correctly by testing the connection to the ZooKeeper instance from a restricted IP address or security group.
4. If necessary, repeat steps 1-3 for any other instances that may have unrestricted inbound access to TCP port 2181.
5. Monitor the security group rules periodically to ensure that there are no changes that could allow unrestricted inbound access to TCP port 2181.