Publicly accessible EC2 instance should not have open administrative ports


Description

This rule verifies that publicly accessible EC2 instances do not have open administrative ports, such as SSH (TCP 22) or RDP (TCP 3389), reachable from the internet.

Rationale

An EC2 instance is publicly accessible if its network configuration provides a path from the internet to the instance: a public or Elastic IP address, a subnet whose route table points to an internet gateway, and security group and network ACL rules that admit the traffic.

An administrative port exposed on such an instance is a direct target for credential brute-forcing and for exploitation of vulnerabilities in the listening service (SSH or RDP). Administrative access should only be reachable from trusted source ranges, such as a corporate VPN or a bastion host, never from the whole internet.

Remediation

You can use the AWS Reachability Analyzer to identify the path that allows your EC2 instance to be reached from the internet. We recommend the following:

  • Do not open your instance's security group to the internet: do not allow inbound traffic from 0.0.0.0/0 or ::/0 on administrative ports, and restrict those ports to known source ranges.
  • Do not assign your instance a public IP address; this ensures that it is only reachable from within the VPC.

Most EC2 instances do not need an administrative port reachable from the internet. Limit the inbound rules attached to the instance to the ports and source ranges it actually needs.
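The check below is an added example of the rule's logic and is not the rule implementation used by this product. It evaluates constructed data shaped like the EC2 DescribeInstances and DescribeSecurityGroups API responses, treating an instance as publicly accessible when it has a public IPv4 address (an assumption that ignores route tables and network ACLs, which Reachability Analyzer does evaluate) and flagging security group rules that open SSH or RDP to 0.0.0.0/0 or ::/0, including "All traffic" rules. The instance IDs, security group IDs and addresses are hypothetical.

```python
# Added example, not the product's rule implementation: evaluates the rule over
# constructed data shaped like EC2 DescribeInstances / DescribeSecurityGroups
# responses. Instance IDs, security-group IDs and addresses are hypothetical.
from ipaddress import ip_network

# Ports this check treats as administrative (an assumption; extend as needed).
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}


def is_world_open(cidr: str) -> bool:
    """True for 0.0.0.0/0 and ::/0: a zero-length prefix matches every address."""
    return ip_network(cidr, strict=False).prefixlen == 0


def admin_ports_opened_to_internet(permission: dict) -> set:
    """Return the administrative ports this inbound rule exposes to the whole internet."""
    proto = permission.get("IpProtocol")
    if proto == "-1":                         # "All traffic": every port, FromPort/ToPort absent
        lo, hi = 0, 65535
    elif proto in ("tcp", "6"):
        lo = permission.get("FromPort", 0)
        hi = permission.get("ToPort", 65535)
    else:                                     # UDP, ICMP, ... do not carry SSH or RDP
        return set()
    sources = [r["CidrIp"] for r in permission.get("IpRanges", [])]
    sources += [r["CidrIpv6"] for r in permission.get("Ipv6Ranges", [])]
    if not any(is_world_open(c) for c in sources):
        return set()
    return {p for p in ADMIN_PORTS if lo <= p <= hi}


def is_publicly_accessible(instance: dict) -> bool:
    """Proxy for 'publicly accessible': the instance has a public (or Elastic) IPv4 address.

    This ignores routing and network ACLs; AWS Reachability Analyzer checks those.
    """
    return bool(instance.get("PublicIpAddress"))


def evaluate(instances: list, security_groups: list) -> list:
    """Return (instance_id, group_id, port) findings for instances violating the rule."""
    groups = {sg["GroupId"]: sg for sg in security_groups}
    findings = []
    for inst in instances:
        if not is_publicly_accessible(inst):
            continue                          # private instance: open SG alone is not a finding
        for ref in inst.get("SecurityGroups", []):
            sg = groups.get(ref["GroupId"])
            if sg is None:
                continue
            for perm in sg.get("IpPermissions", []):
                for port in sorted(admin_ports_opened_to_internet(perm)):
                    findings.append((inst["InstanceId"], sg["GroupId"], port))
    return findings


# Constructed sample data (hypothetical identifiers and addresses).
SECURITY_GROUPS = [
    {"GroupId": "sg-open", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-alltraffic", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-restricted", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},   # SSH from the VPC only
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},  # HTTPS is not administrative
]

INSTANCES = [
    {"InstanceId": "i-public-ssh", "PublicIpAddress": "203.0.113.10",
     "SecurityGroups": [{"GroupId": "sg-open"}]},
    {"InstanceId": "i-private-ssh",                                   # no public IP: compliant
     "SecurityGroups": [{"GroupId": "sg-open"}]},
    {"InstanceId": "i-public-all", "PublicIpAddress": "203.0.113.11",
     "SecurityGroups": [{"GroupId": "sg-alltraffic"}]},
    {"InstanceId": "i-public-web", "PublicIpAddress": "203.0.113.12",
     "SecurityGroups": [{"GroupId": "sg-restricted"}]},
]

if __name__ == "__main__":
    for instance_id, group_id, port in evaluate(INSTANCES, SECURITY_GROUPS):
        print(f"{instance_id}: {group_id} opens {ADMIN_PORTS[port]} (tcp/{port}) to the internet")
```

Run against real accounts by feeding `evaluate` the `Reservations[].Instances[]` and `SecurityGroups[]` lists from the two describe calls. The "All traffic" rule is the case that is easy to miss: it carries no FromPort or ToPort, so a check that only compares port numbers would report the instance as compliant.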

References