aws-solutions / virtual-waiting-room-on-aws

Virtual Waiting Room on AWS solution helps absorb and control incoming user requests to your website during an unusually large burst of traffic, usually due to a large-scale event.
Apache License 2.0

Create a New Security Group for Resources Instead of Using the Default Security Group #267

Open mizukiEndo-relic opened 4 months ago

mizukiEndo-relic commented 4 months ago

Is your feature request related to a problem? Please describe.

Yes, there is a problem when resources use the default Security Group in accounts that have the AWS Config remediation action "AWSConfigRemediation-RemoveVPCDefaultSecurityGroupRules" enabled. This remediation action removes the rules from the default Security Group, which can cause resources using it to become inaccessible.

Describe the feature you'd like

To address this issue, I would like to request a feature where a new Security Group is created specifically for the resources that currently use the default Security Group. Instead of relying on the default Security Group, these resources should be configured to use the newly created Security Group. By implementing this feature, resources will not be affected by the AWS Config remediation action that removes rules from the default Security Group. This will ensure that the resources remain accessible and functional, even in accounts with the remediation action enabled.

Additional context

It is important to note that the AWS Config remediation action "AWSConfigRemediation-RemoveVPCDefaultSecurityGroupRules" is designed to enhance security by removing rules from the default Security Group. However, this can inadvertently cause issues for resources that rely on the default Security Group. By creating a new Security Group and assigning it to the affected resources, we can maintain the desired security posture while ensuring that the resources continue to function properly. This approach allows us to adhere to security best practices without causing disruption to the existing infrastructure. Please consider implementing this feature to provide a smoother experience for users who have the AWS Config remediation action enabled in their accounts. If you require any further information or clarification, please let me know.
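Before enabling that remediation action, an operator would want to know which deployed interfaces still sit on a VPC's default security group, since those are the ones that lose connectivity when its rules are removed. The following is an added example, not code from this project or the issue author: the pure function works on dicts shaped like the EC2 DescribeSecurityGroups and DescribeNetworkInterfaces responses (constructed sample data inline), and the `audit_account` wrapper assumes boto3 and account credentials are available.

```python
def default_group_ids(security_groups):
    """Return the GroupIds of default groups (their GroupName is always 'default')."""
    return {sg["GroupId"] for sg in security_groups if sg.get("GroupName") == "default"}


def interfaces_on_default_group(security_groups, network_interfaces):
    """List ENIs that reference a default SG, flagging those with no other group.

    An ENI whose only group is a default one loses all inbound and outbound
    access once AWSConfigRemediation-RemoveVPCDefaultSecurityGroupRules runs.
    """
    defaults = default_group_ids(security_groups)
    findings = []
    for eni in network_interfaces:
        groups = {g["GroupId"] for g in eni.get("Groups", [])}
        hit = groups & defaults
        if hit:
            findings.append({
                "eni": eni["NetworkInterfaceId"],
                "vpc": eni["VpcId"],
                "description": eni.get("Description", ""),
                "default_groups": sorted(hit),
                "only_group": groups <= defaults,  # True: nothing else keeps it reachable
            })
    return findings


# Constructed sample data shaped like the EC2 API responses; not from a real account.
SAMPLE_SGS = [
    {"GroupId": "sg-0default000000001", "GroupName": "default", "VpcId": "vpc-0example00000001"},
    {"GroupId": "sg-0custom0000000002", "GroupName": "waiting-room-app", "VpcId": "vpc-0example00000001"},
]
SAMPLE_ENIS = [
    {"NetworkInterfaceId": "eni-0aaa", "VpcId": "vpc-0example00000001", "Description": "AWS Lambda VPC ENI",
     "Groups": [{"GroupId": "sg-0default000000001"}]},
    {"NetworkInterfaceId": "eni-0bbb", "VpcId": "vpc-0example00000001", "Description": "ElastiCache",
     "Groups": [{"GroupId": "sg-0default000000001"}, {"GroupId": "sg-0custom0000000002"}]},
    {"NetworkInterfaceId": "eni-0ccc", "VpcId": "vpc-0example00000001", "Description": "ELB",
     "Groups": [{"GroupId": "sg-0custom0000000002"}]},
]


def audit_account(region_name):
    """Run the same check against a real account (assumes boto3 and credentials)."""
    import boto3  # imported lazily so the offline part of this example needs no SDK
    ec2 = boto3.client("ec2", region_name=region_name)
    sgs = [sg for p in ec2.get_paginator("describe_security_groups").paginate() for sg in p["SecurityGroups"]]
    enis = [e for p in ec2.get_paginator("describe_network_interfaces").paginate() for e in p["NetworkInterfaces"]]
    return interfaces_on_default_group(sgs, enis)


if __name__ == "__main__":
    for finding in interfaces_on_default_group(SAMPLE_SGS, SAMPLE_ENIS):
        print(finding)
```

Run against the sample, the two flagged interfaces are the ones the remediation would affect, and `only_group` separates the interface that would be cut off entirely from one that also carries a dedicated group.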

bassemwanis commented 4 months ago

Thank you @mizukiEndo-relic, for requesting this enhancement. We've added it to our backlog and will evaluate adding it to a future release.