A security group is the firewall of your cloud infrastructure. It protects your instances, applications, and resources at the protocol and port level. You define security rules to control the traffic of your VPC and can change them at any time; updated rules apply to every instance the security group is associated with.
Basics of Security groups:
- You can create a limited number of security groups in a VPC with a limited set of rules in a security group.
- You can specify only allow rules; deny rules cannot be specified.
- You can specify inbound and outbound traffic.
- When you create a security group, it contains only outbound rules which allow all the outbound traffic.
- Security groups are stateful: if you send a request from your instance, the response traffic for that request is allowed in regardless of the inbound security group rules.
Any intentional or unintentional change in the rules or adding a hostile IP address to your security group can be a security catastrophe. With so much at risk, it becomes important to keep track of security group changes.
How can you keep track of security group changes with minimal effort?
You can use AWS CloudTrail and CloudWatch Events to monitor and identify any API call that changes the configuration of a security group in your VPC, which makes it easier to identify a potential security threat in real time.
CloudTrail records the changes in a log, stores that log in your S3 bucket, and also delivers it to CloudWatch. CloudWatch matches the log against a filter that you have applied. If CloudWatch finds a matching change, it triggers an alarm and sends it to SNS (Simple Notification Service); otherwise no alarm is triggered. As soon as SNS receives the alarm, it notifies you by SMS or e-mail.
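As an added example (not code from the original article or from Centilytics), the following Python script re-implements the CloudWatch filter step over a few constructed CloudTrail records: the event names are those the standard security-group-change metric filter matches, and the extra world-open check flags ingress rules opened to 0.0.0.0/0 or ::/0, the kind of hostile change the article warns about. The group id, account id, user name and IP addresses are made-up sample values.

```python
import json

# API calls that change a security group; the usual CloudWatch Logs metric filter for a
# security-group-change alarm matches exactly these eventName values.
SG_CHANGE_EVENTS = {"AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
                    "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
                    "CreateSecurityGroup", "DeleteSecurityGroup"}
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}  # "anyone on the internet" ranges

def is_sg_change(rec):
    """Same test the metric filter applies: does this CloudTrail record modify a security group?"""
    return rec.get("eventSource") == "ec2.amazonaws.com" and rec.get("eventName") in SG_CHANGE_EVENTS

def world_open_rules(rec):
    """For an ingress authorization, list (protocol, fromPort, toPort, cidr) rules open to anyone."""
    if rec.get("eventName") != "AuthorizeSecurityGroupIngress":
        return []
    perms = rec.get("requestParameters", {}).get("ipPermissions", {}).get("items", [])
    return [(p.get("ipProtocol"), p.get("fromPort"), p.get("toPort"), r.get("cidrIp") or r.get("cidrIpv6"))
            for p in perms
            for r in p.get("ipRanges", {}).get("items", []) + p.get("ipv6Ranges", {}).get("items", [])
            if (r.get("cidrIp") or r.get("cidrIpv6")) in WORLD_CIDRS]

def triage(log_lines):
    """Run the filter over raw CloudTrail JSON lines; return one alert dict per matching call."""
    alerts = []
    for line in log_lines:
        rec = json.loads(line)
        if is_sg_change(rec):
            alerts.append({"eventName": rec["eventName"],
                           "groupId": rec.get("requestParameters", {}).get("groupId"),
                           "user": rec.get("userIdentity", {}).get("arn"),
                           "sourceIP": rec.get("sourceIPAddress"),
                           "worldOpen": world_open_rules(rec)})
    return alerts

def make_rec(name, src, **extra):
    """Builder for constructed sample CloudTrail records (not real log data)."""
    return json.dumps({"eventSource": "ec2.amazonaws.com", "eventName": name, "sourceIPAddress": src,
                       "userIdentity": {"arn": "arn:aws:iam::123456789012:user/bob"}, **extra})

# A read-only call that must not alert, an ingress change opening SSH to the internet, and a deletion.
SAMPLE_LOG = [
    make_rec("DescribeSecurityGroups", "203.0.113.10"),
    make_rec("AuthorizeSecurityGroupIngress", "198.51.100.7", requestParameters={
        "groupId": "sg-0123456789abcdef0", "ipPermissions": {"items": [{"ipProtocol": "tcp", "fromPort": 22,
        "toPort": 22, "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}),
    make_rec("DeleteSecurityGroup", "198.51.100.7", requestParameters={"groupId": "sg-0123456789abcdef0"}),
]
```

In AWS itself the eventName test is expressed as a CloudWatch Logs filter pattern on the CloudTrail log group with a metric and alarm attached; this script only reproduces that match logic so you can test it offline against your own exported log lines.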
How does Centilytics help you resolve this problem?
Centilytics ensures that a CloudTrail trail and a CloudWatch alarm are created in your AWS account, so that you are notified whenever a security group configuration change is made. Implementing CloudWatch alarms to monitor configuration changes in security groups can prevent unexpected modifications that may lead to hazardous effects.