- AWS Audit
- Security Groups Audit
Checks performed
- Unused Virtual Private Gateways Should Be Removed
- Flow Logs on VPC Should Be Enabled
- Flow Logs Should Be Enabled on Subnet
- Unused Network ACLs Should Be Removed
- Unused Security Groups Should Be Removed
- Default Security Groups Should Not Allow Unrestricted Inbound Access
- Default Security Groups Should Block All Traffic
- Default Security Group Should Not Be Publicly Accessible
- Excessive Number of Security Groups Should Not Be Present
- EC2 Instances Should Not Be Publicly Accessible
- Ports Should Not Be Open for External Traffic
- Ports Should Not Be Open for Internal Traffic
- EC2 Instance Should Not Have Open ICMP Ports
- RDS Instances Should Not Be Publicly Accessible
- Redshift Should Not Be Publicly Accessible
- MQ Broker Should Not Be Publicly Accessible