Ensure AWS route table with VPC peering does not contain routes overly permissive to all traffic
Error: AWS route table with VPC peering overly permissive to all traffic
Bridgecrew Policy ID: BC_AWS_NETWORKING_80
Checkov Check ID: CKV2_AWS_44
Severity: HIGH
AWS route table with VPC peering overly permissive to all traffic
Description
This policy identifies VPC route tables with VPC peering connection which are overly permissive to all traffic. Being highly selective in peering routing tables is a very effective way of minimizing the impact of breach as resources outside of these routes are inaccessible to the peered VPC.
Fix - Buildtime
Terraform
resource "aws_route" "aws_route_pass_1" {
route_table_id = "rtb-4fbb3ac4"
destination_cidr_block = "10.0.1.0/22"
vpc_peering_connection_id = "pcx-45ff3dc1"
}
Updated 5 months ago