PASSEDcloud / aws_ec2

AWS: EC2 Instance Unreachable — Security Group Modified

An EC2 instance became unreachable after a security group rule was accidentally removed. SSH access also blocked.

Pattern

AWS_CLOUD

Expected: AWS_SECURITY_GROUP

Severity

HIGH

Confidence

68%

Remediation

Auto-Heal

Test Results

Metric	Expected	Actual
Pattern Recognition	AWS_SECURITY_GROUP	AWS_CLOUD
Severity Assessment	CRITICAL	HIGH
Incident Correlation	N/A	None
Cascade Escalation	N/A	No
Remediation	—	Auto-Heal — Corax resolves autonomously

Scenario Conditions

AWS EC2 t3.large in VPC. Security group sg-000001 had port 22,80,443 allowed. Port 22 and 443 rules deleted by team member. Instance running but unreachable.

Injected Error Messages (1)

AWS EC2 unreachable — instance i-000001 running but all connections refused, security group sg-0sg00001 modified 30 min ago, SSH (22) and HTTPS (443) inbound rules removed, only ICMP remains

Neural Engine Root Cause Analysis

AWS cloud infrastructure event detected — an EC2 instance may be unreachable or in a stopped state, an RDS database is experiencing issues, a load balancer has unhealthy targets, or a Lambda function is failing. AWS service disruptions can cascade across dependent resources and affect application availability.

Remediation Plan

1. Check the AWS Health Dashboard and Personal Health Dashboard for any active service events. 2. For EC2 issues, check instance status checks (system and instance), review CloudWatch metrics, and check VPC security group rules. 3. For RDS, verify database instance status, check storage and connection limits, and review slow query logs. 4. For ELB issues, check target group health checks and verify backend instances are responding. 5. For Lambda, review CloudWatch Logs for invocation errors and check IAM permissions and VPC connectivity.

Improvements Applied

Pattern classified as AWS_CLOUD (expected AWS_SECURITY_GROUP)
Severity: HIGH (expected CRITICAL)

Tested: 2026-04-02Monitors: 1 | Incidents: 1Test ID: cmnhnr8vb09bflig7d8bck3iw