Exclude default security groups from "Security groups should be used actively" rule

Published 25 Feb 2021


The "Security groups should be used actively" rule is available to help organizations manage their use of security groups.

AWS prevents users from deleting the default security groups. To avoid the false positives this would otherwise cause, Stax has updated the rule definition. The rule no longer treats default security groups as in scope, so unused default security groups will not cause failures.
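The scoping change described above, sketched as an added example (this is not Stax's rule code). It assumes "unused" means attached to no network interface, and it runs over constructed data shaped like EC2 DescribeSecurityGroups and DescribeNetworkInterfaces output; all IDs and the function names are made up.

```python
# Constructed sample data (shape follows the EC2 API responses; IDs are invented).
SECURITY_GROUPS = [
    {"GroupId": "sg-0aaa", "GroupName": "default", "VpcId": "vpc-1"},
    {"GroupId": "sg-0bbb", "GroupName": "web", "VpcId": "vpc-1"},
    {"GroupId": "sg-0ccc", "GroupName": "legacy-batch", "VpcId": "vpc-1"},
    {"GroupId": "sg-0ddd", "GroupName": "default", "VpcId": "vpc-2"},
    {"GroupId": "sg-0eee", "GroupName": "db", "VpcId": "vpc-2"},
]
NETWORK_INTERFACES = [
    {"NetworkInterfaceId": "eni-01", "Groups": [{"GroupId": "sg-0bbb"}]},
    {"NetworkInterfaceId": "eni-02",
     "Groups": [{"GroupId": "sg-0bbb"}, {"GroupId": "sg-0ddd"}]},
]


def is_default(group):
    """AWS reserves the name "default" for the group created with each VPC."""
    return group["GroupName"] == "default"


def attached_group_ids(interfaces):
    """Collect every security group ID attached to at least one interface."""
    return {g["GroupId"] for eni in interfaces for g in eni.get("Groups", [])}


def unused_groups(groups, interfaces, exclude_default=True):
    """Return IDs of groups the rule would flag as not actively used.

    Assumption: a group counts as used when any network interface
    references it. With exclude_default=True, default groups are out of
    scope and are never flagged, whether attached or not.
    """
    in_use = attached_group_ids(interfaces)
    findings = []
    for group in groups:
        if exclude_default and is_default(group):
            continue  # undeletable, so a finding here could never be resolved
        if group["GroupId"] not in in_use:
            findings.append(group["GroupId"])
    return sorted(findings)


if __name__ == "__main__":
    print("old scope:", unused_groups(SECURITY_GROUPS, NETWORK_INTERFACES, False))
    print("new scope:", unused_groups(SECURITY_GROUPS, NETWORK_INTERFACES, True))
```

The unused default group in vpc-1 is flagged only under the old scope; the genuinely removable groups are flagged either way.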

This change affects the following bundles:

  • EC2 Best Practices (version 1.0)
  • APRA (version 1.0)
  • The custom organization-level rule, if in use

These changes have been applied automatically by Stax. No service impact is expected as a result of this update.

If you have any questions about this change and what it means for you, please contact support.
