An AWS security group controls inbound and outbound traffic for AWS resources; it is a stateful virtual firewall applied at the network-interface level. For example, after you associate a security group with an EC2 instance, it controls the inbound and outbound traffic for that instance.
Lucidum allows you to continuously audit and limit AWS security groups. With Lucidum, you can find unused security groups, monitor the creation and deletion of security groups, and limit open inbound ports.
Security Group Overview (Inbound)
A custom dashboard, the Security Group Overview (Inbound) dashboard, displays information about the security policies for inbound traffic to AWS instances. Each inbound rule in a security group specifies the allowed protocol, port range, and source (an IPv4 or IPv6 CIDR range, or another security group).
The Security Group Overview (Inbound) dashboard looks like this:
The Security Group Overview (Inbound) dashboard includes:
- Security Groups Total. Total number of AWS security groups.
- Inbound with Port Restrictions. Number of security groups that allow inbound traffic from any source IP address (0.0.0.0/0 or ::/0) but restrict it to specific ports.
- Inbound No Port Restrictions. Number of security groups that allow inbound traffic from any source IP address on all ports.
- Inbound Listing. All inbound security group rules, including the associated cloud account, the security group name, the allowed IP range, the allowed ports, and the VPC ID.
- Security Groups Total by Cloud Account. Number of security groups in each cloud account.
- Inbound with Port Restrictions by Cloud Account. Number of security groups that allow inbound traffic from any source IP address but restrict it to specific ports, per cloud account.
- Inbound No Port Restrictions by Cloud Account. Number of security groups that allow inbound traffic from any source IP address on all ports, per cloud account.
- Security Group Ports & Port Ranges. Number of security groups by allowed port or port range.
- SG Tag Coverage. Number of tagged versus untagged security groups.
- SG Tag Coverage Keys. For each tagged security group, its cloud account and tag key/value pairs.
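The classification behind these counts is straightforward to reproduce against raw AWS API output, which is useful for checking dashboard figures or for running the same audit in an account Lucidum does not yet ingest. The script below is an added example written for this page, not Lucidum's code: it consumes the JSON shape returned by `aws ec2 describe-security-groups` and `aws ec2 describe-network-interfaces`, sorts each group into "no port restrictions", "port restrictions" or "restricted" using the same definitions as the dashboard (a source of 0.0.0.0/0 or ::/0 counts as "all IP addresses"; protocol -1 or a 0-65535 TCP/UDP range counts as "all ports"), builds the per-account, port-range and tag-coverage counts, and flags unused groups (neither attached to a network interface nor referenced as a source by another group). The four security groups and two network interfaces are constructed sample data, not captured from a real account.

```python
"""Reproduce the inbound security-group dashboard counts from AWS API JSON.

Added example (not Lucidum's code). Input follows the shape of
`aws ec2 describe-security-groups` / `aws ec2 describe-network-interfaces`;
SAMPLE_SGS and SAMPLE_ENIS below are constructed, not from a real account.
"""
from collections import Counter, defaultdict

ANY_V4, ANY_V6 = "0.0.0.0/0", "::/0"


def rule_open_to_world(rule):
    """True if the rule's source includes every IPv4 or every IPv6 address."""
    return any(r.get("CidrIp") == ANY_V4 for r in rule.get("IpRanges", [])) or \
        any(r.get("CidrIpv6") == ANY_V6 for r in rule.get("Ipv6Ranges", []))


def rule_all_ports(rule):
    """True if the rule does not restrict by port: all protocols, or full TCP/UDP range."""
    if rule.get("IpProtocol") == "-1":          # AWS encodes "all traffic" as protocol -1
        return True
    return rule.get("IpProtocol") in ("tcp", "udp") and \
        rule.get("FromPort") == 0 and rule.get("ToPort") == 65535


def port_label(rule):
    """Histogram key for the 'Ports & Port Ranges' panel: all, tcp/22, tcp/1024-65535, icmp."""
    proto = rule.get("IpProtocol")
    if proto == "-1":
        return "all"
    lo, hi = rule.get("FromPort"), rule.get("ToPort")
    if lo is None or proto not in ("tcp", "udp"):
        return proto                             # icmp etc.: FromPort is a type, not a port
    return f"{proto}/{lo}" if lo == hi else f"{proto}/{lo}-{hi}"


def classify(sg):
    """Worst open rule wins: no_port_restrictions > port_restrictions > restricted."""
    open_rules = [r for r in sg.get("IpPermissions", []) if rule_open_to_world(r)]
    if not open_rules:
        return "restricted"
    if any(rule_all_ports(r) for r in open_rules):
        return "no_port_restrictions"
    return "port_restrictions"


def referenced_groups(sgs):
    """Group IDs used as a source/destination in another group's rules (still 'in use')."""
    refs = set()
    for sg in sgs:
        for rule in sg.get("IpPermissions", []) + sg.get("IpPermissionsEgress", []):
            refs.update(p.get("GroupId") for p in rule.get("UserIdGroupPairs", []))
    return refs


def dashboard(sgs, enis):
    """Compute every panel of the inbound dashboard plus the list of unused groups."""
    attached = {g["GroupId"] for eni in enis for g in eni.get("Groups", [])}
    refs = referenced_groups(sgs)
    out = {"total": len(sgs), "classes": Counter(), "by_account": Counter(),
           "class_by_account": defaultdict(Counter), "ports": Counter(), "listing": [],
           "tagged": 0, "untagged": 0, "tag_keys": [], "unused": []}
    for sg in sgs:
        acct, gid = sg["OwnerId"], sg["GroupId"]
        cls = classify(sg)
        out["classes"][cls] += 1
        out["by_account"][acct] += 1
        out["class_by_account"][cls][acct] += 1
        for rule in sg.get("IpPermissions", []):
            out["ports"][port_label(rule)] += 1
            sources = [r["CidrIp"] for r in rule.get("IpRanges", [])] + \
                      [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])] + \
                      [p["GroupId"] for p in rule.get("UserIdGroupPairs", [])]
            out["listing"].append({"account": acct, "name": sg["GroupName"], "vpc": sg.get("VpcId"),
                                   "sources": sources, "ports": port_label(rule)})
        tags = sg.get("Tags", [])
        out["tagged" if tags else "untagged"] += 1
        out["tag_keys"] += [(acct, gid, t["Key"], t["Value"]) for t in tags]
        if gid not in attached and gid not in refs:  # unattached and unreferenced: safe to remove
            out["unused"].append(gid)
    return out


SAMPLE_SGS = [  # constructed sample data
    {"GroupId": "sg-0a", "GroupName": "web", "OwnerId": "111111111111", "VpcId": "vpc-1",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": ANY_V4}]},
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": ANY_V4}],
          "Ipv6Ranges": [{"CidrIpv6": ANY_V6}]}],
     "Tags": [{"Key": "Name", "Value": "web"}]},
    {"GroupId": "sg-0b", "GroupName": "legacy-open", "OwnerId": "111111111111", "VpcId": "vpc-1",
     "IpPermissions": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": ANY_V4}]}], "Tags": []},
    {"GroupId": "sg-0c", "GroupName": "db", "OwnerId": "222222222222", "VpcId": "vpc-2",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                        "UserIdGroupPairs": [{"GroupId": "sg-0a", "UserId": "111111111111"}]}],
     "Tags": [{"Key": "Owner", "Value": "dba"}]},
    {"GroupId": "sg-0d", "GroupName": "mgmt", "OwnerId": "222222222222", "VpcId": "vpc-2",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
                        "Ipv6Ranges": [{"CidrIpv6": ANY_V6}]}], "Tags": []},
]
SAMPLE_ENIS = [{"Groups": [{"GroupId": "sg-0a"}]},
               {"Groups": [{"GroupId": "sg-0c"}, {"GroupId": "sg-0d"}]}]

if __name__ == "__main__":
    d = dashboard(SAMPLE_SGS, SAMPLE_ENIS)
    print(d["total"], dict(d["classes"]), dict(d["ports"]), d["unused"])
```

Two caveats match the dashboard's own definitions rather than exceed them: a source such as 0.0.0.0/1, or a managed prefix list that happens to cover the whole Internet, is not counted as "all IP addresses", and a group that is only referenced by another group's rule is reported as in use because AWS refuses to delete it in that state. Groups created and deleted between two runs will not appear at all; monitoring those requires the CloudTrail `AuthorizeSecurityGroupIngress`/`DeleteSecurityGroup` events rather than a point-in-time listing.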