Create a New Security Group for Resources Instead of Using the Default Security Group #267

Open
mizukiEndo-relic opened this issue May 23, 2024 · 1 comment

@mizukiEndo-relic

Is your feature request related to a problem? Please describe.

Yes, there is a problem when resources use the default Security Group in accounts that have the AWS Config remediation action "AWSConfigRemediation-RemoveVPCDefaultSecurityGroupRules" enabled. This remediation action removes the rules from the default Security Group, which can cause resources using it to become inaccessible.

Describe the feature you'd like

To address this issue, I would like to request a feature where a new Security Group is created specifically for the resources that currently use the default Security Group. Instead of relying on the default Security Group, these resources should be configured to use the newly created Security Group.
By implementing this feature, resources will not be affected by the AWS Config remediation action that removes rules from the default Security Group. This will ensure that the resources remain accessible and functional, even in accounts with the remediation action enabled.

Additional context

It is important to note that the AWS Config remediation action "AWSConfigRemediation-RemoveVPCDefaultSecurityGroupRules" is designed to enhance security by removing rules from the default Security Group. However, this can inadvertently cause issues for resources that rely on the default Security Group.
By creating a new Security Group and assigning it to the affected resources, we can maintain the desired security posture while ensuring that the resources continue to function properly. This approach allows us to adhere to security best practices without causing disruption to the existing infrastructure.
Please consider implementing this feature to provide a smoother experience for users who have the AWS Config remediation action enabled in their accounts. If you require any further information or clarification, please let me know.

@mizukiEndo-relic mizukiEndo-relic added the enhancement New feature or request label May 23, 2024
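
An added example, not part of the issue thread or the project's code: a check that lists which network interfaces depend on a VPC's default Security Group and would therefore be hit when the remediation action removes its rules. The sample records and all IDs are constructed; the functions assume input in the shape returned by boto3's `describe_security_groups()["SecurityGroups"]` and `describe_network_interfaces()["NetworkInterfaces"]`.

```python
# Constructed sample data in the shape of the EC2 DescribeSecurityGroups and
# DescribeNetworkInterfaces responses. All IDs are made up for illustration.
SECURITY_GROUPS = [
    {"GroupId": "sg-0aaa0default", "GroupName": "default", "VpcId": "vpc-0aaa"},
    {"GroupId": "sg-0aaa0workload", "GroupName": "workload-sg", "VpcId": "vpc-0aaa"},
    {"GroupId": "sg-0bbb0default", "GroupName": "default", "VpcId": "vpc-0bbb"},
]
NETWORK_INTERFACES = [
    {"NetworkInterfaceId": "eni-01", "Groups": [{"GroupId": "sg-0aaa0default"}]},
    {"NetworkInterfaceId": "eni-02", "Groups": [{"GroupId": "sg-0aaa0default"},
                                                {"GroupId": "sg-0aaa0workload"}]},
    {"NetworkInterfaceId": "eni-03", "Groups": [{"GroupId": "sg-0aaa0workload"}]},
    {"NetworkInterfaceId": "eni-04", "Groups": [{"GroupId": "sg-0bbb0default"}]},
]


def default_group_ids(security_groups):
    """Return the IDs of every VPC's default group (the name "default" is reserved)."""
    return {g["GroupId"] for g in security_groups if g["GroupName"] == "default"}


def classify_interfaces(security_groups, interfaces):
    """Bucket network interfaces by how much they depend on a default group.

    default_only       -> loses all access once the default group's rules are removed
    default_plus_other -> keeps only what its other groups allow
    unaffected         -> no default group attached
    """
    defaults = default_group_ids(security_groups)
    report = {"default_only": [], "default_plus_other": [], "unaffected": []}
    for eni in interfaces:
        attached = {g["GroupId"] for g in eni.get("Groups", [])}
        if not attached & defaults:
            bucket = "unaffected"
        elif attached <= defaults:
            bucket = "default_only"
        else:
            bucket = "default_plus_other"
        report[bucket].append(eni["NetworkInterfaceId"])
    return report


if __name__ == "__main__":
    for bucket, enis in classify_interfaces(SECURITY_GROUPS, NETWORK_INTERFACES).items():
        print(f"{bucket}: {', '.join(enis) or '-'}")
```
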
@bassemwanis
Member

Thank you @mizukiEndo-relic, for requesting this enhancement. We've added it to our backlog and will evaluate adding it to a future release.
