Do not report default security group if not in use? #75

Open
mchv opened this issue Jan 31, 2018 · 3 comments
Comments

@mchv
Member

mchv commented Jan 31, 2018

When a VPC is created, AWS creates a default security group that can't be deleted even if not used.

If this group is not used, I find reporting it adding more noise than being useful.
Not sure what is the best way to report it.

@mchv
Member Author

mchv commented Jan 31, 2018

Even without a VPC a default security group is created

@katebee
Contributor

katebee commented Feb 27, 2018

Default security group is created when a VPC is created.

By default, it allows ALL traffic from instances that belong to that security group and all incoming traffic. The fact that your default group doesn't have any rules suggests that you deleted them earlier.

AWS doesn't allow deleting the default security group because many API calls/CLI commands allow omitting the security group, and AWS needs a default security group to place instances with an unassigned security group.

https://security.stackexchange.com/questions/146492/why-cant-i-delete-the-default-aws-security-group

Interesting! This makes me feel that SHQ should red flag that SG if it is being used. If you have a moment @mchv, I would be curious to see the configuration of the specific SG in the AWS console, and the security group as displayed on SHQ. UX has been an iterative process; more feedback is welcome!

This may not be applicable, but it appears some AWS accounts have obtained their green check by adding stricter inbound rules to the default group. Would this work?

@mchv
Member Author

mchv commented Mar 13, 2018

Thanks @katebee, this is how it was displayed:

[screenshot: screen shot 2018-03-13 at 17 14 55]

I think your suggestion is the right one; I have now removed all inbound rules of the default security group.
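The thread converges on a rule: a default security group is only worth reporting if it is attached to something, and an unused one that still carries its default self-referencing inbound rule is at most a low-priority hint to strip those rules. Below is an added example of that check (not the project's own code; SHQ's actual scanner is not on this page). It works on dicts shaped like the EC2 `DescribeSecurityGroups` and `DescribeNetworkInterfaces` responses, so it runs offline on the constructed sample data; the severity labels `ok`/`info`/`high` and the sample group and ENI identifiers are assumptions made for the example. `revoke_params` builds the arguments for boto3's `revoke_security_group_ingress`, which is the API behind the "remove all inbound rules" remediation the thread settled on.

```python
"""Classify default security groups: flag only if attached or still carrying
inbound rules. Added example; data below is constructed, not from a real account."""
from dataclasses import dataclass

# Constructed sample in the shape of ec2.describe_security_groups()["SecurityGroups"].
# sg-0aaa: default SG with its stock rules, attached to an ENI   -> high
# sg-0bbb: default SG with inbound rules removed, unattached     -> ok
# sg-0ccc: default SG with stock inbound rule, unattached        -> info
# sg-0ddd: not a default group, ignored by this check
SAMPLE_SECURITY_GROUPS = [
    {"GroupId": "sg-0aaa", "GroupName": "default", "VpcId": "vpc-0001",
     "IpPermissions": [{"IpProtocol": "-1", "IpRanges": [],
                        "UserIdGroupPairs": [{"GroupId": "sg-0aaa", "UserId": "111111111111"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0bbb", "GroupName": "default", "VpcId": "vpc-0002",
     "IpPermissions": [],
     "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0ccc", "GroupName": "default", "VpcId": "vpc-0003",
     "IpPermissions": [{"IpProtocol": "-1", "IpRanges": [],
                        "UserIdGroupPairs": [{"GroupId": "sg-0ccc", "UserId": "111111111111"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0ddd", "GroupName": "web", "VpcId": "vpc-0001",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
     "IpPermissionsEgress": []},
]

# Constructed sample in the shape of ec2.describe_network_interfaces()["NetworkInterfaces"].
# Every attached resource (instance, ELB, Lambda, RDS, ...) owns an ENI, so ENIs are the
# one place that answers "is this group in use?" for all of them at once.
SAMPLE_NETWORK_INTERFACES = [
    {"NetworkInterfaceId": "eni-0001", "VpcId": "vpc-0001",
     "Groups": [{"GroupId": "sg-0aaa", "GroupName": "default"},
                {"GroupId": "sg-0ddd", "GroupName": "web"}]},
    {"NetworkInterfaceId": "eni-0002", "VpcId": "vpc-0001",
     "Groups": [{"GroupId": "sg-0ddd", "GroupName": "web"}]},
]


@dataclass
class Finding:
    group_id: str
    vpc_id: str            # "" for an EC2-Classic default group, which has no VPC
    in_use: bool
    inbound_rules: int
    outbound_rules: int
    severity: str          # assumed labels: "ok", "info", "high"


def classify_default_groups(security_groups, network_interfaces):
    """Return one Finding per group named 'default'. Severity is 'high' when any ENI
    references the group, 'info' when it is unused but still has inbound rules,
    and 'ok' when it is unused and has no inbound rules."""
    attached = {}
    for eni in network_interfaces:
        for grp in eni.get("Groups", []):
            attached.setdefault(grp["GroupId"], set()).add(eni["NetworkInterfaceId"])

    findings = []
    for sg in security_groups:
        if sg.get("GroupName") != "default":
            continue
        inbound = len(sg.get("IpPermissions", []))
        outbound = len(sg.get("IpPermissionsEgress", []))
        in_use = sg["GroupId"] in attached
        if in_use:
            severity = "high"
        elif inbound:
            severity = "info"
        else:
            severity = "ok"
        findings.append(Finding(sg["GroupId"], sg.get("VpcId", ""), in_use,
                                inbound, outbound, severity))
    return findings


def revoke_params(sg):
    """Arguments for ec2.revoke_security_group_ingress(**revoke_params(sg)) that strip
    every inbound rule from the group, i.e. the remediation applied in the thread."""
    return {"GroupId": sg["GroupId"], "IpPermissions": list(sg.get("IpPermissions", []))}


if __name__ == "__main__":
    # Offline demo on the constructed data above.
    for f in classify_default_groups(SAMPLE_SECURITY_GROUPS, SAMPLE_NETWORK_INTERFACES):
        print(f"{f.severity:5} {f.group_id} vpc={f.vpc_id or '-'} in_use={f.in_use} "
              f"inbound={f.inbound_rules} outbound={f.outbound_rules}")
    # Against a real account (requires boto3 and credentials), swap in:
    #   ec2 = boto3.client("ec2")
    #   sgs = ec2.describe_security_groups()["SecurityGroups"]
    #   enis = ec2.describe_network_interfaces()["NetworkInterfaces"]
    #   classify_default_groups(sgs, enis)
```

Note that the EC2 default group's stock inbound entry is a single `IpPermissions` item (`IpProtocol` `-1` with a `UserIdGroupPairs` self-reference), so a count of zero is exactly the "no inbound rules" state shown in the screenshot; egress is deliberately not counted toward severity because the thread only concerns inbound rules.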
