This repository has been archived by the owner on Dec 4, 2018. It is now read-only.

Unrestricted traffic tagged when opening all ports for same security groups #94

Closed
HIMANSHU-ELIGIBLE opened this issue Aug 2, 2016 · 1 comment

Comments

@HIMANSHU-ELIGIBLE

https://github.com/nccgroup/Scout2/blob/master/rules/ec2-security-group-opens-all-ports-to-self.json#L8 tags the rule with "Unrestricted Network Traffic within security group" when all ports for TCP and UDP are open from instances in the same security group.

I might be missing something here, but I am unable to understand why it is considered a "level:danger" problem when the network is actually restricted to instances belonging to the same security group. I would appreciate it if you guys can help me understand this if I am missing a point.

Thanks in advance.

@l01cd3v
Contributor

l01cd3v commented Aug 9, 2016

The issue is that having security groups that allow all traffic to themselves essentially creates a flat network between all instances that belong to the group. In most environments, this is an unwanted scenario (e.g. you only allow SQL traffic from your web servers to your DB servers).

As far as the level goes, the severity of this type of issue depends on additional things, such as what type of instances belong to that security group and whether there is also a route that allows external traffic. By default, I chose to set it to danger. If this does not fit your needs, you can either disable the rule or change the level to warning.

The existing ruleset creator no longer works with version 2, but I am currently working on a new version that will provide further information for each rule and allow easier customization.

@l01cd3v l01cd3v closed this as completed Aug 9, 2016
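To make the condition discussed in this thread concrete, here is an added example (not Scout2's own rule implementation, and not code from either participant) that inspects security groups in the shape returned by EC2's DescribeSecurityGroups API and reports the ones whose ingress rules let members reach every TCP/UDP port on each other. The matching criteria (protocol `-1`, or TCP/UDP with the full 0-65535 range, referencing the group's own ID) are my assumption of what "opens all ports to self" means; the sample groups and their IDs are constructed and no AWS call is made.

```python
"""Detect EC2 security groups that open all TCP/UDP ports to themselves.

Constructed, offline example. The input mimics the structure of the
EC2 DescribeSecurityGroups response ("SecurityGroups" entries) but the
matching logic below is an assumption, not Scout2's own rule code.
"""


def _covers_all_ports(perm):
    """True if one IpPermission entry allows every port of TCP or UDP,
    or every protocol (-1). Entries with protocol -1 carry no port range."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto not in ("tcp", "udp"):
        return False
    return perm.get("FromPort") == 0 and perm.get("ToPort") == 65535


def opens_all_ports_to_self(group):
    """Return the IpPermission entries of `group` that reference the group's
    own ID while covering all ports: these create a flat network between
    every instance in the group (the scenario the rule flags)."""
    own_id = group["GroupId"]
    findings = []
    for perm in group.get("IpPermissions", []):
        if not _covers_all_ports(perm):
            continue
        # Only group-to-group references matter here; CIDR sources are a
        # different rule entirely.
        if any(pair.get("GroupId") == own_id
               for pair in perm.get("UserIdGroupPairs", [])):
            findings.append(perm)
    return findings


def audit(groups):
    """Map each GroupId to True when the group opens all ports to itself."""
    return {g["GroupId"]: bool(opens_all_ports_to_self(g)) for g in groups}


# Constructed sample groups (IDs are placeholders, not real resources).
SAMPLE_GROUPS = [
    {   # TCP and UDP fully open from itself: flagged
        "GroupId": "sg-flat-0000",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
             "UserIdGroupPairs": [{"GroupId": "sg-flat-0000"}]},
            {"IpProtocol": "udp", "FromPort": 0, "ToPort": 65535,
             "UserIdGroupPairs": [{"GroupId": "sg-flat-0000"}]},
        ],
    },
    {   # Only MySQL from the web tier's group: the restricted pattern the
        # answer recommends, not flagged
        "GroupId": "sg-db-0000",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
             "UserIdGroupPairs": [{"GroupId": "sg-web-0000"}]},
        ],
    },
    {   # "All traffic" (protocol -1) from itself: flagged
        "GroupId": "sg-all-0000",
        "IpPermissions": [
            {"IpProtocol": "-1",
             "UserIdGroupPairs": [{"GroupId": "sg-all-0000"}]},
        ],
    },
    {   # All ports, but from a *different* group: not this rule's concern
        "GroupId": "sg-peer-0000",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
             "UserIdGroupPairs": [{"GroupId": "sg-other-0000"}]},
        ],
    },
]


if __name__ == "__main__":
    for group_id, flagged in audit(SAMPLE_GROUPS).items():
        print(f"{group_id}: {'opens all ports to self' if flagged else 'ok'}")
```

Whether a flagged group deserves "danger" or "warning" is the judgement call the answer above leaves to the user; the function only surfaces the condition, so the caller can combine it with the other factors mentioned (instance types in the group, routes to external networks) before deciding on a level.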