From ac1ad44caa62666f85d14eda295bc6af2c11b379 Mon Sep 17 00:00:00 2001 From: akash1810 Date: Thu, 27 Nov 2025 13:41:13 +0000 Subject: [PATCH] feat(report): Remove VPCSecurityGroup from EC2 instances The `VPCSecurityGroup` group allows ingress and egress to/from 0.0.0.0/0 on all protocols and ports. The ASG is configured to launch instances in the VPC's private subnets (i.e. not routable from the internet) and the launch template explicitly sets `AssociatePublicIpAddress` to false. That is, there is no route from 0.0.0.0/0 to the EC2 instance; `VPCSecurityGroup` being attached to the EC2 instance has no effect and can be removed. --- report/conf/report.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/report/conf/report.yaml b/report/conf/report.yaml index f6d041326..9547d6237 100644 --- a/report/conf/report.yaml +++ b/report/conf/report.yaml @@ -36,9 +36,6 @@ Parameters: - CODE - PROD Description: Environment name - VPCSecurityGroup: - Type: AWS::EC2::SecurityGroup::Id - Description: The default security group of the VPC VpcId: Type: AWS::EC2::VPC::Id Description: The VPC @@ -268,7 +265,6 @@ Resources: InstanceType: !FindInMap [StageVariables, !Ref Stage, InstanceType] SecurityGroups: - !Ref InstanceSecurityGroup - - !Ref VPCSecurityGroup MetadataOptions: HttpTokens: required UserData:
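Review bot: in the Parameters hunk (@@ -36,9 +36,6), deleting the `VPCSecurityGroup` parameter will make a stack update fail if whatever deploys this template still passes a value for it, because CloudFormation rejects parameters that are not declared in the template. Check the deployment configuration and any parameter overrides for `VPCSecurityGroup` and remove them in the same change.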
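Review bot: in the Resources hunk (@@ -268,7 +265,6), once `- !Ref VPCSecurityGroup` is gone, `InstanceSecurityGroup` is the only entry left under `SecurityGroups`, so it alone has to allow every flow the instances need, egress included. The commit message argues only from internet reachability, but a 0.0.0.0/0 rule also matches sources inside the VPC and governs outbound connections from the instance, so the removed group may have been the one permitting those. Please confirm that `InstanceSecurityGroup` (its rules are not shown in this diff) carries the required ingress and egress rules, and record that in the commit message.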