More
AWS Foundational Security Best Practice
The VPC default security group should not allow inbound and outbound traffic
This AWS control checks that the default security group of a VPC does not allow inbound or outbound traffic.