The "Unused Amazon EC2 security groups should be removed" rule is available to help organizations manage their use of security groups. 

On 27 June 2023, a fix will be released to correct the outdated logic of this rule which may impact related compliance scores.

The following bundles will be affected:

• EC2 Best Practices (version 1.0)
• APRA (versions 1.0, 1.1)
• The custom organization-level rule, if in use

These changes will be applied automatically by Stax. There will be no impact to service expected as a result of this update.

If you have any questions about this change and what it means for you, please contact support.