Ensure AWS route table with VPC peering does not contain routes overly permissive to all traffic

Error: AWS route table with VPC peering overly permissive to all traffic

Bridgecrew Policy ID: BC_AWS_NETWORKING_80
Checkov Check ID: CKV2_AWS_44
Severity: HIGH

Description

This policy identifies VPC route tables that send all traffic, i.e. a route whose destination is 0.0.0.0/0 (or ::/0 for IPv6), through a VPC peering connection. Such a route makes the whole peer VPC reachable instead of only the subnets that need to be. Being highly selective in peering route tables, listing only the specific prefixes the peer legitimately needs, is a very effective way of minimizing the impact of a breach, because resources outside those prefixes are unreachable from the peered VPC. Apply the same discipline on both sides of the peering, since each VPC's route table independently controls what it sends to the peer.
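The check below is an added example, not Checkov's implementation and not part of this page. It applies the policy's logic to the JSON that `terraform show -json` emits for a plan (`planned_values`) or a state file (`values`), covering both forms a route takes in Terraform: the `aws_route` resource (attributes `destination_cidr_block` / `destination_ipv6_cidr_block`) and the inline `route` block of `aws_route_table` (attributes `cidr_block` / `ipv6_cidr_block`). Treating `::/0` as the IPv6 equivalent of `0.0.0.0/0` is an assumption that goes beyond the page; the sample plan, the resource names, and the identifier `igw-example` are constructed for the example.

```python
"""Flag VPC-peering routes that send all traffic through the peering connection.

Approximates the logic of CKV2_AWS_44 over `terraform show -json` output.
Added example; not Checkov's own implementation.
"""
import json
import sys
from typing import Any, Dict, Iterator, List, Tuple

# Destinations that mean "all traffic". Including ::/0 is an assumption
# (the page only talks about all traffic, not IPv4 vs IPv6 explicitly).
ALL_TRAFFIC = {"0.0.0.0/0", "::/0"}

# The two Terraform forms name the destination attribute differently.
AWS_ROUTE_DEST_KEYS: Tuple[str, ...] = ("destination_cidr_block", "destination_ipv6_cidr_block")
INLINE_ROUTE_DEST_KEYS: Tuple[str, ...] = ("cidr_block", "ipv6_cidr_block")


def iter_resources(module: Dict[str, Any]) -> Iterator[Dict[str, Any]]:
    """Walk a module and all nested child modules of a plan/state JSON document."""
    for res in module.get("resources", []):
        yield res
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def is_all_traffic(values: Dict[str, Any], keys: Tuple[str, ...]) -> bool:
    """True if any of the given destination attributes is 0.0.0.0/0 or ::/0."""
    return any(values.get(k) in ALL_TRAFFIC for k in keys)


def find_overly_permissive_peering_routes(doc: Dict[str, Any]) -> List[str]:
    """Return addresses of resources that pair a peering connection with an all-traffic route.

    Accepts either a plan document (planned_values) or a state document (values).
    """
    root = doc.get("planned_values", doc.get("values", {})).get("root_module", {})
    findings: List[str] = []
    for res in iter_resources(root):
        values = res.get("values") or {}
        if res.get("type") == "aws_route":
            if values.get("vpc_peering_connection_id") and is_all_traffic(values, AWS_ROUTE_DEST_KEYS):
                findings.append(res["address"])
        elif res.get("type") == "aws_route_table":
            # Inline routes; one finding per table is enough.
            for route in values.get("route") or []:
                if route.get("vpc_peering_connection_id") and is_all_traffic(route, INLINE_ROUTE_DEST_KEYS):
                    findings.append(res["address"])
                    break
    return findings


# Constructed sample plan (not real `terraform show -json` output); IDs reuse the page's
# rtb-/pcx- values, igw-example is made up.
SAMPLE_PLAN: Dict[str, Any] = {
    "planned_values": {
        "root_module": {
            "resources": [
                {"address": "aws_route.all_to_peer", "type": "aws_route",
                 "values": {"route_table_id": "rtb-4fbb3ac4", "destination_cidr_block": "0.0.0.0/0",
                            "vpc_peering_connection_id": "pcx-45ff3dc1"}},          # FAIL
                {"address": "aws_route.v6_all_to_peer", "type": "aws_route",
                 "values": {"route_table_id": "rtb-4fbb3ac4", "destination_ipv6_cidr_block": "::/0",
                            "vpc_peering_connection_id": "pcx-45ff3dc1"}},          # FAIL (assumed)
                {"address": "aws_route.scoped_to_peer", "type": "aws_route",
                 "values": {"route_table_id": "rtb-4fbb3ac4", "destination_cidr_block": "10.0.1.0/24",
                            "vpc_peering_connection_id": "pcx-45ff3dc1"}},          # PASS
                {"address": "aws_route.default_via_igw", "type": "aws_route",
                 "values": {"route_table_id": "rtb-4fbb3ac4", "destination_cidr_block": "0.0.0.0/0",
                            "gateway_id": "igw-example"}},                          # PASS: not peering
                {"address": "aws_route_table.inline", "type": "aws_route_table",
                 "values": {"route": [
                     {"cidr_block": "10.0.1.0/24", "vpc_peering_connection_id": "pcx-45ff3dc1"},
                     {"cidr_block": "0.0.0.0/0", "vpc_peering_connection_id": "pcx-45ff3dc1"},
                 ]}},                                                                # FAIL
            ]
        }
    }
}


def main() -> int:
    """Usage: terraform show -json plan.out > plan.json; python check.py plan.json"""
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            doc = json.load(fh)
    else:
        doc = SAMPLE_PLAN
    findings = find_overly_permissive_peering_routes(doc)
    for address in findings:
        print(f"CKV2_AWS_44-style finding: {address}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

Run without arguments to see the three constructed failures; with a path to `terraform show -json` output it exits non-zero when any peering route carries an all-traffic destination, which makes it usable as a CI gate alongside the real Checkov check.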

Fix - Buildtime

Terraform

# Passes: only the 10.0.1.0/24 prefix is reachable through the peering connection.
# The destination must be a specific prefix, never 0.0.0.0/0 or ::/0.
resource "aws_route" "aws_route_pass_1" {
  route_table_id            = "rtb-4fbb3ac4"
  destination_cidr_block    = "10.0.1.0/24"
  vpc_peering_connection_id = "pcx-45ff3dc1"
}