Terraform Using Default Security Group
Description
Identifies AWS EC2 instances and launch templates that are configured to use the default VPC security group instead of a custom-defined security group. Every instance launched in a subnet without an explicit security group assignment is placed in the VPC's default group. That group is shared by every other resource in the VPC that also omits an assignment, its rules are managed outside the module that declares the instance, and out of the box it allows all traffic between members and all outbound traffic. Relying on it is a security risk because a rule added for one workload silently applies to all of them, and overly permissive rules can expose EC2 instances to unauthorized network access.
Detection Strategy
• Search for aws_instance and aws_launch_template resource definitions in infrastructure code
• Check whether the resource configuration assigns security groups explicitly: vpc_security_group_ids or security_groups on the resource, or security_groups inside a network_interfaces block of a launch template
• Flag resources as vulnerable if they do not specify custom security groups, indicating default security group usage; an empty list (vpc_security_group_ids = []) or a reference to the default group itself (for example an aws_default_security_group resource) should be treated the same way, since the instance still ends up in the default group
• Report security group configuration issues for each affected EC2 resource
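The detection strategy above, carried out over a constructed Terraform sample. This is an added example and is not Fluid Attacks' own scanner: it uses a small brace-matching walk over the HCL text rather than a full HCL parser, and the resource names, the sample file and the aws_security_group.app / aws_subnet.private references are assumptions made up for the illustration. It goes slightly beyond the bullet list by also flagging an empty security group list and an explicit reference to aws_default_security_group, both of which leave the instance in the default group.

```python
"""Flag aws_instance / aws_launch_template blocks that end up in the default SG.

Added example, not Fluid Attacks' scanner. Handles # and // comments and quoted
strings; heredoc strings are out of scope for this illustration.
"""
import re
from typing import List, Tuple

CHECKED_TYPES = ("aws_instance", "aws_launch_template")
RESOURCE_HEADER = re.compile(r'resource\s+"([^"]+)"\s+"([^"]+)"\s*\{')
# Assignment of security groups at any nesting depth (aws_launch_template may
# carry it inside a network_interfaces block).
SG_ASSIGNMENT = re.compile(r"(?m)^\s*(?:vpc_security_group_ids|security_groups)\s*=")
EMPTY_LIST = re.compile(r"\s*\[\s*\]")
DEFAULT_SG_REF = "aws_default_security_group."  # explicit use of the default group


def _strip_comments(text: str) -> str:
    """Drop # and // line comments, leaving quoted strings untouched."""
    out, i, in_string = [], 0, False
    while i < len(text):
        ch = text[i]
        if in_string:
            out.append(ch)
            if ch == "\\" and i + 1 < len(text):  # keep escaped char, e.g. \"
                out.append(text[i + 1])
                i += 1
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
            out.append(ch)
        elif ch == "#" or text.startswith("//", i):
            nl = text.find("\n", i)
            i = len(text) if nl == -1 else nl
            continue
        else:
            out.append(ch)
        i += 1
    return "".join(out)


def _block_body(text: str, open_brace: int) -> str:
    """Text between text[open_brace] == "{" and its matching "}" (strings skipped)."""
    depth, i, in_string = 0, open_brace, False
    while i < len(text):
        ch = text[i]
        if in_string:
            if ch == "\\":
                i += 1
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                return text[open_brace + 1:i]
        i += 1
    raise ValueError("unbalanced braces in resource block")


def _value_after(code: str, pos: int) -> str:
    """The right-hand side of an assignment: a whole [...] list or the rest of the line."""
    rest = code[pos:]
    if re.match(r"\s*\[", rest):
        return rest[: rest.find("]") + 1]
    return rest.split("\n", 1)[0]


def classify_security_groups(body: str) -> str:
    """Return "explicit", "default_reference" or "none" for one resource body."""
    for m in SG_ASSIGNMENT.finditer(body):
        value = _value_after(body, m.end())
        if EMPTY_LIST.fullmatch(value):      # [] still means the default group
            continue
        if DEFAULT_SG_REF in value:
            return "default_reference"
        return "explicit"
    return "none"


def find_default_sg_resources(hcl: str) -> List[Tuple[str, str]]:
    """(resource address, reason) for every checked resource not in a custom SG."""
    code = _strip_comments(hcl)
    findings = []
    for m in RESOURCE_HEADER.finditer(code):
        rtype, rname = m.group(1), m.group(2)
        if rtype not in CHECKED_TYPES:
            continue
        verdict = classify_security_groups(_block_body(code, m.end() - 1))
        if verdict != "explicit":
            findings.append((f"{rtype}.{rname}", verdict))
    return findings


# Constructed sample input for the example; the referenced resources do not exist.
SAMPLE_TF = '''
resource "aws_instance" "no_sg" {
  ami           = "ami-12345678"
  instance_type = "t2.micro"
  # vpc_security_group_ids = [aws_security_group.app.id]  <- commented out
}
resource "aws_instance" "empty_list" {
  ami                    = "ami-12345678"
  vpc_security_group_ids = []
}
resource "aws_instance" "explicit" {
  ami                    = "ami-12345678"
  subnet_id              = aws_subnet.private.id
  vpc_security_group_ids = [aws_security_group.app.id]
}
resource "aws_instance" "default_by_reference" {
  ami                    = "ami-12345678"
  vpc_security_group_ids = [aws_default_security_group.main.id]
}
resource "aws_launch_template" "nested" {
  name_prefix = "web-"
  network_interfaces {
    associate_public_ip_address = false
    security_groups             = [aws_security_group.app.id]
  }
  tag_specifications {
    resource_type = "instance"
    tags          = { Name = "web-{braces-in-string}" }
  }
}
resource "aws_launch_template" "no_sg" {
  name_prefix   = "worker-"
  instance_type = "t3.small"
}
resource "aws_s3_bucket" "ignored" {
  bucket = "not-an-ec2-resource"
}
'''

if __name__ == "__main__":
    for address, reason in find_default_sg_resources(SAMPLE_TF):
        print(f"{address}: default security group ({reason})")
```

The comment-stripping pass matters more than it looks: a commented-out `vpc_security_group_ids` line is a common leftover in real modules, and a naive substring search would mark such an instance as safe. The check is presence-based, so an `aws_security_group` resource that is itself wide open would still pass; that is a separate finding.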
Vulnerable code example
resource "aws_instance" "example" {
  ami           = "ami-12345678"
  instance_type = "t2.micro"
  # Vulnerable: no vpc_security_group_ids, so the instance is placed in the
  # VPC's default security group and inherits whatever rules it carries
  associate_public_ip_address = true # A public IP widens the exposure of that group
}
✅ Secure code example
resource "aws_instance" "example" {
  ami           = "ami-12345678"
  instance_type = "t2.micro"
  # Disable public IP assignment for better security
  associate_public_ip_address = false
  # Associate with a VPC subnet and an explicitly declared security group for
  # network isolation; aws_subnet.private and aws_security_group.example are
  # assumed to be declared elsewhere in the module
  subnet_id              = aws_subnet.private.id
  vpc_security_group_ids = [aws_security_group.example.id]
}