Rule: VPC Internet Gateways Should Be Attached to Authorized VPC

This rule ensures VPC internet gateways are only attached to authorized VPCs for security.

Rule: VPC internet gateways should be attached to authorized VPC
Framework: RBI Cyber Security Framework
Severity: Medium

Rule Description

According to the RBI Cyber Security Framework, VPC (Virtual Private Cloud) internet gateways should only be attached to authorized VPCs. This rule ensures that only specified VPCs can reach the internet through an internet gateway, which helps minimize the risk of unauthorized network access.

Troubleshooting Steps

If there are any issues related to VPC internet gateways or their attachment to authorized VPCs, follow these troubleshooting steps:

  1. Verify VPC Configuration: Check if the VPC is properly configured and that it meets the necessary requirements outlined by the RBI Cyber Security Framework.

  2. Check Internet Gateway Attachments: Ensure that the internet gateway is attached to the correct VPC. Validate if it is associated with the authorized VPCs as defined by the RBI Cyber Security Framework.

  3. Review Gateway Route Tables: Verify the route tables associated with the VPC. Check if the internet gateway is correctly added as a route target to allow outbound internet traffic.

  4. Audit Network Access Control Lists (ACLs): Inspect the network ACLs associated with the VPC to ensure that they do not block the appropriate inbound or outbound traffic required for internet access.

  5. Verify Security Group Rules: Review the security group rules for the resources within the VPC to check if they allow necessary outbound traffic. Make sure the rules align with the requirements defined by the RBI Cyber Security Framework.

  6. Check Subnet Associations: Ensure that the subnets associated with the VPC have the necessary route table entries to direct traffic to the internet gateway.

  7. Examine VPC Peering Connections: If VPC peering is implemented, confirm that it does not interfere with the authorized VPCs' access to the internet gateway.

  8. Contact Network Administrator: If troubleshooting steps do not resolve the issue, reach out to your network administrator or IT support for further assistance.

Necessary Code

No specific code snippets are required for this rule, as it primarily involves VPC and internet gateway configuration within a cloud provider like AWS or Azure.

Remediation Steps

To ensure compliance with the RBI Cyber Security Framework by attaching VPC internet gateways to authorized VPCs, follow these steps:

  1. Identify Authorized VPCs: Determine the VPCs that have been approved or authorized for internet access as per the RBI Cyber Security Framework.

  2. Attach Internet Gateway: In your cloud provider's management console or using the appropriate API command, attach the internet gateway to the desired VPC. Ensure that you select the correct VPC during this process.

  3. Update Route Tables: Modify the VPC's route tables to include a route that directs outbound traffic to the attached internet gateway. This allows the VPC to access the internet.

  4. Verify Connectivity: Validate that instances within the authorized VPCs now have internet connectivity. Test the connectivity by accessing external resources or performing a ping test.

  5. Repeat for Additional VPCs: If there are multiple authorized VPCs that require internet access, repeat steps 2 to 4 for each VPC.

  6. Regularly Review and Audit: Periodically review the VPC configurations and internet gateway attachments to ensure continued compliance with the RBI Cyber Security Framework.

Note: The above remediation steps may vary depending on the cloud provider and specific tools being used. Consult your cloud provider's documentation and guidelines for the exact commands or procedures to implement VPC internet gateway attachments.
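
One way to automate the periodic review of attachments and route tables described above, as an added example that is not part of the original page or the vendor's own code. It assumes AWS and input shaped like the EC2 DescribeInternetGateways and DescribeRouteTables responses; the allowlist, the sample data and every ID in it are constructed for illustration.

```python
# Constructed allowlist; in practice, load it from your approved-network inventory.
AUTHORIZED_VPCS = {"vpc-0prod"}

# Constructed samples in EC2 DescribeInternetGateways / DescribeRouteTables shape.
SAMPLE_IGWS = {"InternetGateways": [
    {"InternetGatewayId": "igw-0aaa",
     "Attachments": [{"State": "available", "VpcId": "vpc-0prod"}]},
    {"InternetGatewayId": "igw-0bbb",
     "Attachments": [{"State": "available", "VpcId": "vpc-0dev"}]},
    {"InternetGatewayId": "igw-0ccc", "Attachments": []},  # unattached gateway
]}
SAMPLE_ROUTE_TABLES = {"RouteTables": [
    {"RouteTableId": "rtb-0111", "VpcId": "vpc-0prod", "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0aaa"}]},
    {"RouteTableId": "rtb-0222", "VpcId": "vpc-0dev", "Routes": [
        {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0bbb"}]},
]}


def unauthorized_attachments(igw_response, authorized_vpcs):
    """Return (igw_id, vpc_id, state) for attachments to VPCs not on the allowlist."""
    findings = []
    for igw in igw_response.get("InternetGateways", []):
        for att in igw.get("Attachments", []):
            vpc_id = att.get("VpcId")
            if vpc_id and vpc_id not in authorized_vpcs:
                findings.append((igw["InternetGatewayId"], vpc_id, att.get("State")))
    return findings


def routes_via_gateways(rt_response, igw_ids):
    """Return (route_table_id, destination, igw_id) for routes targeting igw_ids."""
    hits = []
    for rt in rt_response.get("RouteTables", []):
        for route in rt.get("Routes", []):
            if route.get("GatewayId") in igw_ids:
                dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
                hits.append((rt["RouteTableId"], dest, route["GatewayId"]))
    return hits


if __name__ == "__main__":
    flagged = unauthorized_attachments(SAMPLE_IGWS, AUTHORIZED_VPCS)
    for finding in flagged:
        print("unauthorized attachment:", finding)
    for hit in routes_via_gateways(SAMPLE_ROUTE_TABLES, {f[0] for f in flagged}):
        print("route to clean up:", hit)
```

Against a live account, the same functions accept the output of the boto3 EC2 client's describe_internet_gateways() and describe_route_tables() calls; paginate both in accounts with many resources.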
