lacework-global-150
Security Group should not allow inbound traffic from all to TCP port 9200 or 9300 (Opensearch/Elasticsearch)
Description
Security groups provide stateful filtering of ingress/egress network traffic to AWS resources. It is recommended that no security group allows unrestricted ingress access to your AWS resources via TCP ports 9200 or 9300 (Opensearch/Elasticsearch) to prevent any unauthorized access. Port 9200 serves the HTTP/REST API and port 9300 the node-to-node transport protocol; a cluster reachable from the internet on either port can be read, modified or wiped by anyone who finds it if authentication is not enabled on the cluster itself.
Remediation
Sign in to the AWS Management Console.
Navigate to EC2 dashboard at https://console.aws.amazon.com/ec2/.
In the left navigation panel, under NETWORK & SECURITY section, choose Security Groups.
Select the EC2 security group that you want to examine.
Select the Inbound rules tab from the dashboard bottom panel.
Check the Source column for every inbound rule whose Type is TCP (or Custom TCP) and whose port range includes 9200 or 9300, and for every "All traffic" rule, which has no port range because it allows all protocols and ports. If any such rule has a source of 0.0.0.0/0 (or ::/0 for IPv6), the selected security group allows unrestricted traffic to ports 9200 or 9300, so access to the EC2 instance(s) associated with the security group is not restricted. UDP rules on the same port numbers are out of scope for this check.
To restrict the Source to a range other than 0.0.0.0/0 (or ::/0), click 'Edit inbound rules', locate the offending rule by its 'Security group rule ID', and change its Source to a specific CIDR block or to the security group of the clients that need access.
Click 'Save rules' to apply the change.
Alternatively, remove the offending inbound rule completely by following the same steps and, instead of changing the Source field, clicking 'Delete' next to the rule and then 'Save rules'.
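The following is an added example, not part of the Lacework policy text, that applies the same check programmatically to security group data in the shape returned by `aws ec2 describe-security-groups` (the `IpPermissions` list of each group). It flags TCP rules whose port range covers 9200 or 9300, and all-traffic rules, whenever the source is 0.0.0.0/0 or ::/0, and ignores UDP rules and rules whose source is another security group. The group IDs and rules in `SAMPLE_GROUPS` are constructed for illustration; the function and variable names are the example's own.

```python
"""Flag security group ingress rules exposing TCP 9200/9300 to the world.

Input shape matches the IpPermissions entries of
`aws ec2 describe-security-groups`, so real output can be loaded with
json.load() and passed to find_unrestricted_es_rules().
"""
import json

ES_PORTS = (9200, 9300)                 # Opensearch/Elasticsearch REST and transport
ANY_SOURCE = {"0.0.0.0/0", "::/0"}      # "anywhere" for IPv4 and IPv6


def _rule_covers_port(perm, port):
    """Return True if an ingress permission reaches TCP `port`.

    IpProtocol "-1" is "All traffic": every protocol and port, so FromPort
    and ToPort are absent. Only TCP rules (and all-traffic rules) count;
    a UDP rule on 9200 is not in scope for this policy.
    """
    proto = str(perm.get("IpProtocol", ""))
    if proto == "-1":
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", -1) <= port <= perm.get("ToPort", -1)


def _open_sources(perm):
    """Return the unrestricted CIDR sources (IPv4 or IPv6) on a permission."""
    found = [r["CidrIp"] for r in perm.get("IpRanges", [])
             if r.get("CidrIp") in ANY_SOURCE]
    found += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])
              if r.get("CidrIpv6") in ANY_SOURCE]
    return found


def find_unrestricted_es_rules(security_groups):
    """Return (group_id, source_cidr, port) for every violating rule/port pair."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            for src in _open_sources(perm):
                for port in ES_PORTS:
                    if _rule_covers_port(perm, port):
                        findings.append((sg["GroupId"], src, port))
    return findings


# Constructed sample data (not real account output) covering the edge cases:
SAMPLE_GROUPS = [
    # TCP 9200 from anywhere (IPv4): violation
    {"GroupId": "sg-0aaa", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 9200, "ToPort": 9200,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    # Range covering both ports but only from a private network: fine
    {"GroupId": "sg-0bbb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 9000, "ToPort": 9400,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
    # "All traffic" from anywhere (IPv6): violation on both ports
    {"GroupId": "sg-0ccc", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    # UDP 9200 from anywhere (out of scope) and TCP 9300 from another SG: fine
    {"GroupId": "sg-0ddd", "IpPermissions": [
        {"IpProtocol": "udp", "FromPort": 9200, "ToPort": 9200,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 9300, "ToPort": 9300,
         "IpRanges": [], "Ipv6Ranges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0bbb"}]}]},
]

if __name__ == "__main__":
    for group_id, src, port in find_unrestricted_es_rules(SAMPLE_GROUPS):
        print(f"{group_id}: TCP {port} open to {src}")
```

Against the sample, sg-0aaa is reported once (9200 from 0.0.0.0/0) and sg-0ccc twice (9200 and 9300 from ::/0); sg-0bbb and sg-0ddd produce nothing. Each finding identifies the exact rule to fix through the console steps above or, equivalently, with `aws ec2 revoke-security-group-ingress` using the same group ID and permission.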