Rule: VPC Internet Gateways Should Be Attached to Authorized VPC

This rule ensures VPC internet gateways are attached only to authorized VPCs for security compliance.

Rule: VPC internet gateways should be attached to authorized VPCs
Framework: NIST 800-53 Revision 4
Severity: Medium

Rule Description:

According to the NIST 800-53 Revision 4 security standard, VPC (Virtual Private Cloud) internet gateways should only be attached to authorized VPCs. This rule ensures that network traffic remains secure and isolated within the designated VPCs, preventing unauthorized access to resources and potential security breaches.

Troubleshooting Steps:

If an internet gateway is found attached to an unauthorized VPC, the following troubleshooting steps can be taken:

  1. Identify the unauthorized VPC: Scan through the list of VPCs within the AWS account to determine which VPC the internet gateway is attached to.
  2. Verify the authorizations: Check the documentation or consult with the relevant stakeholders to confirm whether the VPC is authorized to have the internet gateway.
  3. Investigate configuration changes: Review any recent changes in the AWS account, specifically in the VPC and internet gateway configurations.
  4. Assess network logs: Examine network and traffic logs to identify any unusual or unauthorized activity associated with the VPC or internet gateway.
  5. Check IAM permissions: Review the IAM (Identity and Access Management) policies and roles assigned to users or groups, ensuring that only authorized users have the necessary permissions to attach an internet gateway to a VPC.
  6. Conduct security audits: Perform a security audit of the AWS account to identify any potential vulnerabilities or misconfigurations that may have led to the unauthorized attachment of the internet gateway.

Necessary Codes:

There are no specific codes required for this rule. However, the AWS Command Line Interface (CLI) can be used to verify and modify the internet gateway attachments if needed.

Remediation Steps:

To remediate an internet gateway that is attached to an unauthorized VPC, follow these steps:

  1. Identify the internet gateway and VPC pair that violate the policy.
  2. Detach the unauthorized VPC from the internet gateway using the AWS CLI command:

     aws ec2 detach-internet-gateway --internet-gateway-id [internet-gateway-id] --vpc-id [vpc-id]

     Replace [internet-gateway-id] with the actual ID of the internet gateway and [vpc-id] with the ID of the unauthorized VPC.
  3. Validate the detachment using the following AWS CLI command:

     aws ec2 describe-internet-gateways --internet-gateway-ids [internet-gateway-id]

     Verify that the unauthorized VPC is no longer listed as an attachment.
  4. Confirm the authorized VPC attachment using the following AWS CLI command:

     aws ec2 describe-internet-gateways --internet-gateway-ids [internet-gateway-id]

     Ensure that the authorized VPC is correctly attached to the internet gateway.
  5. Perform a security audit of the VPC and internet gateway configurations to identify any possible security risks or misconfigurations.
  6. Regularly monitor and review the VPC and internet gateway attachments to ensure compliance with the authorized VPCs.

Following these steps will remediate the issue, ensuring that only authorized VPCs are attached to the internet gateways in accordance with the NIST 800-53 Revision 4 standard.
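The following added example (not part of the original page or the vendor's tooling) shows how steps 1 through 3 can be checked programmatically: it evaluates the JSON that `aws ec2 describe-internet-gateways --output json` returns against an allowlist of authorized VPC IDs, renders the page's detach command for each violation, and verifies a detachment after the fact. The allowlist, the gateway and VPC IDs, and the sample response are all constructed for illustration.

```python
"""Check internet gateway attachments against an allowlist of authorized VPCs."""
import json

# Constructed sample in the shape of `aws ec2 describe-internet-gateways`
# output; the IDs are placeholders, not real account data.
SAMPLE_RESPONSE = json.loads("""
{
  "InternetGateways": [
    {"InternetGatewayId": "igw-0aaa111", "OwnerId": "111111111111",
     "Attachments": [{"State": "available", "VpcId": "vpc-0authorized1"}]},
    {"InternetGatewayId": "igw-0bbb222", "OwnerId": "111111111111",
     "Attachments": [{"State": "available", "VpcId": "vpc-0rogue00002"}]},
    {"InternetGatewayId": "igw-0ccc333", "OwnerId": "111111111111",
     "Attachments": []}
  ]
}
""")

# Assumed allowlist: the VPCs that are authorized to carry an internet gateway.
AUTHORIZED_VPCS = {"vpc-0authorized1"}


def find_violations(response, authorized_vpcs):
    """Return (igw_id, vpc_id) pairs where a gateway is attached to a VPC not on
    the allowlist. Gateways with no attachments are not violations."""
    violations = []
    for igw in response.get("InternetGateways", []):
        for att in igw.get("Attachments", []):
            vpc_id = att.get("VpcId")
            # 'available' is the state reported for an attached gateway;
            # an attachment still in progress is treated the same way.
            if att.get("State") in ("available", "attaching") and vpc_id not in authorized_vpcs:
                violations.append((igw["InternetGatewayId"], vpc_id))
    return violations


def remediation_commands(violations):
    """Render the detach command from the remediation steps for each violation.
    The commands are returned as strings for review; nothing is executed here."""
    return [f"aws ec2 detach-internet-gateway --internet-gateway-id {igw} --vpc-id {vpc}"
            for igw, vpc in violations]


def still_attached(response, igw_id, vpc_id):
    """Post-detach validation (step 3): True if vpc_id is still listed on igw_id."""
    return any(att.get("VpcId") == vpc_id
               for igw in response.get("InternetGateways", [])
               if igw["InternetGatewayId"] == igw_id
               for att in igw.get("Attachments", []))


if __name__ == "__main__":
    for cmd in remediation_commands(find_violations(SAMPLE_RESPONSE, AUTHORIZED_VPCS)):
        print(cmd)
```

In a real account, replace SAMPLE_RESPONSE with the parsed output of the describe command and run the check again after detaching to confirm the violation list is empty.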
