aws-solutions/distributed-load-testing-on-aws

default security group created by stack

cshowersPersonal opened this issue · 2 comments

Our IT department is saying that the tool they use (Wiz) is saying that the default security group the DLT stack creates has inbound and outbound rules and that a default security group should not have that from a security standpoint. Apparently if it was a custom security group it would be OK. Is there a way I could tweak the template to resolve this or another workaround you can think of?

We don't have a default security group. We need to manage inbound/outbound rules for our ECS, and for that we do create a new security group. When you deploy the solution, you don't have to manage the ECS and its rules, but that doesn't make the security group a default one.
However, if it is still a concern, you can create a VPC with a new custom security group with the exact same IP addresses as our default addresses, and then deploy your stack with that VPC as a workaround (see https://docs.aws.amazon.com/solutions/latest/distributed-load-testing-on-aws/deployment.html).
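The distinction the maintainer draws is the one a scanner actually tests for: every VPC gets one group literally named `default`, and CIS-style checks flag that group if it carries any inbound or outbound rule, while a stack-created group with its own name is judged on its rules, not on being "default". The following is an added example, not code from the DLT project or from anyone in this thread: an offline check over the JSON shape `aws ec2 describe-security-groups` returns. The group IDs, VPC IDs, the custom group's name and its port rule are all constructed placeholders, not the solution's real values.

```python
"""
Added example (not DLT project code): flag a VPC's *default* security group
when it still carries inbound or outbound rules, and leave custom groups
alone. Input mirrors the output of `aws ec2 describe-security-groups`;
the sample below is constructed.
"""
import json

SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "SecurityGroups": [
        {
            # AWS creates the "default" group of every VPC with a
            # self-referencing inbound rule and an allow-all egress rule.
            "GroupId": "sg-0aaa111122223333",      # constructed id
            "GroupName": "default",
            "VpcId": "vpc-0123456789abcdef0",       # constructed id
            "IpPermissions": [
                {"IpProtocol": "-1",
                 "UserIdGroupPairs": [{"GroupId": "sg-0aaa111122223333"}]}
            ],
            "IpPermissionsEgress": [
                {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
            ],
        },
        {
            # A custom group of the kind a stack creates for its ECS tasks.
            # Name and rules are placeholders, not DLT's actual values.
            "GroupId": "sg-0bbb444455556666",      # constructed id
            "GroupName": "example-ecs-sg",          # constructed name
            "VpcId": "vpc-0123456789abcdef0",
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 50000, "ToPort": 50000,
                 "UserIdGroupPairs": [{"GroupId": "sg-0bbb444455556666"}]}
            ],
            "IpPermissionsEgress": [
                {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
            ],
        },
        {
            # A default group that has already been cleaned up: no rules.
            "GroupId": "sg-0ccc777788889999",      # constructed id
            "GroupName": "default",
            "VpcId": "vpc-0fedcba9876543210",       # constructed id
            "IpPermissions": [],
            "IpPermissionsEgress": [],
        },
    ]
})


def is_default_group(sg: dict) -> bool:
    """The VPC default group is identified by its fixed name, not by who created it."""
    return sg.get("GroupName") == "default"


def has_any_rules(sg: dict) -> bool:
    """True if the group has at least one inbound or outbound rule."""
    return bool(sg.get("IpPermissions")) or bool(sg.get("IpPermissionsEgress"))


def find_default_sg_findings(describe_output: str) -> list:
    """Return one finding per default security group that still has rules.

    Custom groups are never reported here, whatever their rules say; they are
    subject to ordinary rule review, not to the 'default must be empty' check.
    """
    groups = json.loads(describe_output)["SecurityGroups"]
    findings = []
    for sg in groups:
        if is_default_group(sg) and has_any_rules(sg):
            findings.append({
                "GroupId": sg["GroupId"],
                "VpcId": sg["VpcId"],
                "InboundRules": len(sg.get("IpPermissions", [])),
                "OutboundRules": len(sg.get("IpPermissionsEgress", [])),
            })
    return findings


if __name__ == "__main__":
    for f in find_default_sg_findings(SAMPLE_DESCRIBE_OUTPUT):
        print(f"default SG {f['GroupId']} in {f['VpcId']} has "
              f"{f['InboundRules']} inbound / {f['OutboundRules']} outbound rules")
```

Two things follow from this for the workaround above. First, if the finding names a group whose `GroupName` is not `default`, it is not the VPC default group, and the remediation is to review its rules rather than empty it. Second, a freshly created VPC comes with its own `default` group that already has the self-referencing inbound rule and the allow-all egress rule shown in the sample, so after deploying into a custom VPC you still need to revoke those rules (for example with `aws ec2 revoke-security-group-ingress` and `aws ec2 revoke-security-group-egress` against that group's ID) or the same finding reappears on the new VPC.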

Thank you, I've passed this info on to the folks trying to get it how they want.