Can security groups be changed automatically?

0

I noticed today that my users weren't able to log in to my app. I debugged and found that one of my security groups had been changed. It's my RDS security group, which granted port access to three servers and a Lambda function. Everything was fine—no changes merged, none deployed, not sure how it was changed.

So, can security groups be changed automatically? This has happened to me twice now, today and yesterday. Yesterday it was another security group. I thought I had made a mistake when updating a few things yesterday, but this time something definitely happened. To my surprise, no one has access to AWS except me and my client.

Can I check how it got modified or who changed it last?

Nithish
asked 13 days ago · 73 views
2 Answers
1
Accepted Answer

The only thing I am aware of is if you have a remediation action triggered by an AWS Config rule. So it can be automated, but not "automatic". I suggest you search the CloudTrail logs to understand how and who changed the SG.

https://repost.aws/knowledge-center/cloudtrail-event-history-changed

AWS EXPERT
answered 13 days ago
1

Hi,

To understand what happened, you can use CloudTrail where every API call is tracked with who, when, etc.

This will allow you to understand how your sec group change happened.

See https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/logging_cw_api_calls.html for details

Best,

Didier

AWS EXPERT
answered 13 days ago
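Both answers point to CloudTrail for finding how and by whom the security group was changed. The Python below is an added example, not part of either answer or of AWS's own code: it filters CloudTrail event records for successful changes to one security group and reports the principal, the calling service if any, and the source address. The sample records, account ID, group IDs, role and user names, and the `_rec` helper are constructed for illustration.

```python
# EC2 API actions that change a security group or its rules.
SG_CHANGE_EVENTS = {
    "AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
    "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
    "ModifySecurityGroupRules", "DeleteSecurityGroup",
}

def find_group_ids(node):
    """Collect groupId/GroupId values at any depth of requestParameters."""
    if isinstance(node, dict):
        ids = {v for k, v in node.items() if k.lower() == "groupid" and isinstance(v, str)}
        return ids.union(*(find_group_ids(v) for v in node.values()))
    if isinstance(node, list):
        return set().union(*(find_group_ids(v) for v in node))
    return set()

def sg_changes(records, group_id):
    """Who, when and how for each successful change to group_id, oldest first."""
    hits = []
    for rec in records:
        if rec.get("eventSource") != "ec2.amazonaws.com" or rec.get("errorCode"):
            continue  # not an EC2 call, or the call was denied or failed
        if (rec.get("eventName") not in SG_CHANGE_EVENTS
                or group_id not in find_group_ids(rec.get("requestParameters"))):
            continue
        who = rec.get("userIdentity", {})
        hits.append({"time": rec["eventTime"], "action": rec["eventName"],
                     "principal": who.get("arn") or who.get("principalId"),
                     "via_service": who.get("invokedBy"),  # set when an AWS service made the call
                     "source_ip": rec.get("sourceIPAddress")})
    return sorted(hits, key=lambda h: h["time"])

# Constructed sample records (assumed IDs, ARNs and addresses), trimmed to the fields used.
def _rec(time, name, params, arn, ip, via=None, err=None):
    return {"eventTime": time, "eventSource": "ec2.amazonaws.com", "eventName": name,
            "requestParameters": params, "userIdentity": {"arn": arn, "invokedBy": via},
            "sourceIPAddress": ip, "errorCode": err}
ROLE = "arn:aws:sts::111122223333:assumed-role/ExampleAutomationRole/run-1"
USER = "arn:aws:iam::111122223333:user/example-admin"
SAMPLE = [
    _rec("2024-01-02T09:15:00Z", "RevokeSecurityGroupIngress",
         {"groupId": "sg-0aaa1111"}, ROLE, "ssm.amazonaws.com", via="ssm.amazonaws.com"),
    _rec("2024-01-01T18:40:00Z", "ModifySecurityGroupRules",
         {"ModifySecurityGroupRulesRequest": {"GroupId": "sg-0aaa1111"}}, USER, "203.0.113.10"),
    _rec("2024-01-02T09:16:00Z", "RevokeSecurityGroupIngress", {"groupId": "sg-0aaa1111"},
         USER, "203.0.113.10", err="Client.UnauthorizedOperation"),
    _rec("2024-01-02T10:00:00Z", "AuthorizeSecurityGroupIngress",
         {"groupId": "sg-0bbb2222"}, USER, "203.0.113.10"),
]
```

Feed `sg_changes` the `Records` array from a CloudTrail log file in place of `SAMPLE`. Because group IDs are matched at any depth, a rule in another group that names this group as its source will also be reported.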
