URL: https://repost.aws/questions/QUqKNEotUGTrSk081BRk98eQ/can-security-groups-be-changed-automatically


Can security groups be changed automatically?

0

I noticed today that my users weren't able to log in to my app. I debugged and found that one of my security groups had been changed. It's my RDS security group, which granted port access to three servers and a lambda function. Everything was fine—no changes merged, none deployed, not sure how it is changed.

So, can security groups be changed automatically? This has happened to me twice now, today and yesterday. Yesterday it was another security group. I thought I had made a mistake when updating a few things yesterday, but this time something definitely happened. To my surprise, no one has access to AWS except me and my client.

Can I check how it got modified or who changed it last?


asked 2 years ago · 340 views

2 Answers
1
Accepted Answer

Only thing I am aware of is if you have a remediation action triggered by an AWS Config rule. So it can be automated, but not "automatic". I suggest you search the CloudTrail logs to understand how and who changed the SG.

https://repost.aws/knowledge-center/cloudtrail-event-history-changed

EXPERT

reviewed 2 years ago


1

Hi,

To understand what happened, you can use CloudTrail where every API call is tracked with who, when, etc.

This will allow you to understand how your sec group change happened.

See https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/logging_cw_api_calls.html for details

Best,

Didier

EXPERT

answered 2 years ago

EXPERT

reviewed 2 years ago
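
The CloudTrail search both answers recommend, as an added example that is not part of the original thread: it filters CloudTrail records (the dicts in a log file's `Records` array) for calls that changed one security group and reports who made each call and whether an AWS service made it on the account's behalf. The group ID, ARNs, IPs and sample records are constructed placeholders, and the `via_service` flag is a heuristic.

```python
# EC2 API calls that add, remove or alter security group rules.
SG_EVENTS = {"AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
             "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
             "ModifySecurityGroupRules", "DeleteSecurityGroup"}

def mentions(value, needle):
    """True if needle is a value anywhere in the nested request parameters."""
    if isinstance(value, dict):
        return any(mentions(v, needle) for v in value.values())
    if isinstance(value, list):
        return any(mentions(v, needle) for v in value)
    return value == needle

def sg_changes(records, group_id):
    """Who changed group_id, when and from where; oldest first."""
    hits = []
    for r in records:
        if r.get("eventSource") != "ec2.amazonaws.com" or r.get("eventName") not in SG_EVENTS:
            continue
        if not mentions(r.get("requestParameters"), group_id):
            continue
        ident, src = r.get("userIdentity", {}), r.get("sourceIPAddress", "")
        hits.append({
            "time": r["eventTime"], "event": r["eventName"],
            "who": ident.get("arn") or ident.get("principalId", "unknown"),
            "source": src, "failed": "errorCode" in r,
            # Heuristic: service-made calls carry invokedBy or a service DNS name as source.
            "via_service": "invokedBy" in ident or src.endswith(".amazonaws.com"),
        })
    return sorted(hits, key=lambda h: h["time"])  # ISO 8601 UTC sorts as text

# Constructed sample records (not real log data); every ID, ARN and IP is a placeholder.
EC2, SG = "ec2.amazonaws.com", "sg-0123456789abcdef0"
ADMIN = {"arn": "arn:aws:iam::111122223333:user/example-admin"}
ROLE = {"arn": "arn:aws:sts::111122223333:assumed-role/ExampleRemediationRole/run",
        "invokedBy": "ssm.amazonaws.com"}
SAMPLE = [
    {"eventTime": "2024-01-02T09:15:00Z", "eventSource": EC2, "userIdentity": ROLE,
     "eventName": "RevokeSecurityGroupIngress", "sourceIPAddress": "ssm.amazonaws.com",
     "requestParameters": {"groupId": SG}},
    {"eventTime": "2024-01-01T17:40:00Z", "eventSource": EC2, "userIdentity": ADMIN,
     "eventName": "ModifySecurityGroupRules", "sourceIPAddress": "203.0.113.10",
     "requestParameters": {"ModifySecurityGroupRulesRequest": {"GroupId": SG}}},
    {"eventTime": "2024-01-02T09:16:00Z", "eventSource": EC2, "userIdentity": ADMIN,
     "eventName": "DescribeSecurityGroups", "sourceIPAddress": "203.0.113.10",
     "requestParameters": {"groupIdSet": {"items": [{"groupId": SG}]}}},
]

if __name__ == "__main__": print(*sg_changes(SAMPLE, SG), sep="\n")
```

A hit with `via_service` set points at automation such as the Config remediation mentioned in the accepted answer; a hit from a user ARN and a client IP points at a person or a script using their credentials.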