Can security groups be changed automatically?
I noticed today that my users weren't able to log in to my app. I debugged and found that one of my security groups had been changed. It's my RDS security group, which granted port access to three servers and a Lambda function. Everything was fine - no changes merged, none deployed, not sure how it was changed.
So, can security groups be changed automatically? This has happened to me twice now, today and yesterday. Yesterday it was another security group. I thought I had made a mistake when updating a few things yesterday, but this time something definitely happened. To my surprise, no one has access to AWS except me and my client.
Can I check how it got modified or who changed it last?
asked 2 years ago, 340 views
Only thing I am aware of is if you have a remediation action triggered by an AWS Config rule. So it can be automated, but not "automatic". I suggest you search the CloudTrail logs to understand how and who changed the SG.
https://repost.aws/knowledge-center/cloudtrail-event-history-changed
Hi,
To understand what happened, you can use CloudTrail where every API call is tracked with who, when, etc.
This will allow you to understand how your sec group change happened.
See https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/logging_cw_api_calls.html for details
Best,
Didier
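
Both answers point to CloudTrail. As an added example (not part of either answer and not AWS's own code), this Python sketch filters CloudTrail records for rule changes on one security group and reports who made each change, when, and from where. The record field names follow the CloudTrail record format; the sample records, account ID, ARNs and group IDs are constructed placeholders.

```python
# EC2 API calls that add, change or remove security group rules.
SG_CHANGE_EVENTS = {
    "AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
    "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress", "ModifySecurityGroupRules",
}

def mentions_group(node, group_id):
    """True if a groupId/GroupId key anywhere in the request equals group_id."""
    if isinstance(node, dict):
        return any((k.lower() == "groupid" and v == group_id)
                   or mentions_group(v, group_id) for k, v in node.items())
    if isinstance(node, list):
        return any(mentions_group(v, group_id) for v in node)
    return False

def sg_changes(records, group_id):
    """Who, when and from where, for each rule change on group_id (oldest first)."""
    hits = []
    for rec in records:
        if (rec.get("eventName") not in SG_CHANGE_EVENTS
                or not mentions_group(rec.get("requestParameters") or {}, group_id)):
            continue
        ident = rec.get("userIdentity", {})
        hits.append({
            "time": rec["eventTime"],
            "action": rec["eventName"],
            "actor": ident.get("arn") or ident.get("type", "unknown"),
            "via_service": ident.get("invokedBy"),  # set when an AWS service made the call
            "source_ip": rec.get("sourceIPAddress"),
        })
    return sorted(hits, key=lambda h: h["time"])

# Constructed sample records (not real account data); all IDs and ARNs are placeholders.
SAMPLE = [
    {"eventTime": "2024-05-02T09:14:07Z", "eventName": "ModifySecurityGroupRules",
     "userIdentity": {"type": "AssumedRole", "invokedBy": "ssm.amazonaws.com",
                      "arn": "arn:aws:sts::111122223333:assumed-role/ExampleRemediationRole/session"},
     "sourceIPAddress": "ssm.amazonaws.com",
     "requestParameters": {"ModifySecurityGroupRulesRequest": {"GroupId": "sg-0123456789abcdef0"}}},
    {"eventTime": "2024-05-01T17:40:55Z", "eventName": "RevokeSecurityGroupIngress",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/example-user"},
     "sourceIPAddress": "203.0.113.10",
     "requestParameters": {"groupId": "sg-0123456789abcdef0", "ipPermissions": {"items": []}}},
    {"eventTime": "2024-05-01T18:00:00Z", "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/example-user"},
     "sourceIPAddress": "203.0.113.10", "requestParameters": {"groupId": "sg-0fedcba9876543210"}},
]

if __name__ == "__main__":
    for hit in sg_changes(SAMPLE, "sg-0123456789abcdef0"):
        print(hit)
```

A non-empty `via_service` means an AWS service made the call on a role's behalf, which is the automated case the first answer describes; an IAM user ARN with an external source IP points to a person or script using that user's credentials.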
