Ensure all NACL are attached to subnets

Error: Not all NACL are attached to subnets

Bridgecrew Policy ID: BC_AWS_NETWORKING_50
Checkov Check ID: CKV2_AWS_1
Severity: LOW


Description

Network Access Control Lists (NACLs) are used to allow or deny traffic to and from subnets in a Virtual Private Cloud (VPC) in Amazon Web Services (AWS). It's important to ensure that all NACLs are attached to subnets because this allows you to set specific rules for controlling inbound and outbound traffic for those subnets. This can help to improve the security and connectivity of your VPC by allowing you to specify which traffic is allowed to enter or leave your subnets.

Fix - Buildtime

Terraform

  • Resource: aws_vpc, aws_network_acl, aws_subnet
  • Argument: subnet_ids of aws_network_acl

resource "aws_vpc" "ok_vpc" {
  cidr_block = "10.0.0.0/16"
}

# The subnet must belong to the same VPC as the NACL that is attached to it.
resource "aws_subnet" "main" {
  vpc_id     = aws_vpc.ok_vpc.id
  cidr_block = "10.0.1.0/24"
}

# Listing the subnet in subnet_ids is what attaches the NACL; a NACL whose
# subnet_ids is empty is what this check reports.
resource "aws_network_acl" "acl_ok" {
  vpc_id     = aws_vpc.ok_vpc.id
  subnet_ids = [aws_subnet.main.id]
}
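To show what the check actually evaluates, here is an added example (not code from Checkov or Bridgecrew) that re-implements the CKV2_AWS_1 idea over a simplified, already-parsed view of Terraform resources in which references are kept as addresses such as "aws_subnet.main.id"; the sample resource list is constructed, and counting aws_network_acl_association as a second attachment form is an assumption of this example.

```python
# Added example, not part of the Checkov/Bridgecrew page. Input is a
# simplified parsed form of Terraform resources: references stay as
# addresses ("aws_subnet.main.id") instead of being resolved to AWS ids.

SAMPLE_RESOURCES = [  # constructed: the page's fix plus an unattached NACL
    {"type": "aws_vpc", "name": "ok_vpc", "values": {"cidr_block": "10.0.0.0/16"}},
    {"type": "aws_subnet", "name": "main",
     "values": {"vpc_id": "aws_vpc.ok_vpc.id", "cidr_block": "10.0.1.0/24"}},
    {"type": "aws_subnet", "name": "orphan",
     "values": {"vpc_id": "aws_vpc.ok_vpc.id", "cidr_block": "10.0.2.0/24"}},
    {"type": "aws_network_acl", "name": "acl_ok",
     "values": {"vpc_id": "aws_vpc.ok_vpc.id", "subnet_ids": ["aws_subnet.main.id"]}},
    {"type": "aws_network_acl", "name": "acl_unused",
     "values": {"vpc_id": "aws_vpc.ok_vpc.id"}},
]


def _resource_address(ref):
    """'aws_subnet.main.id' -> 'aws_subnet.main' (strip the attribute)."""
    return ".".join(ref.split(".")[:2])


def nacl_coverage(resources):
    """Return {nacl_address: set(subnet addresses)} for every aws_network_acl.

    Attachment comes from the inline subnet_ids argument or, as an assumption
    of this example, from an aws_network_acl_association resource.
    """
    coverage = {}
    for r in resources:
        addr = f'{r["type"]}.{r["name"]}'
        if r["type"] == "aws_network_acl":
            coverage.setdefault(addr, set()).update(
                _resource_address(s) for s in r["values"].get("subnet_ids", []))
        elif r["type"] == "aws_network_acl_association":
            v = r["values"]
            coverage.setdefault(_resource_address(v["network_acl_id"]), set()).add(
                _resource_address(v["subnet_id"]))
    return coverage


def check_ckv2_aws_1(resources):
    """Report NACLs with no subnet (the CKV2_AWS_1 failure) and, as extra
    context, subnets that no explicit NACL covers: AWS associates those with
    the VPC's default NACL, which allows all traffic unless edited."""
    coverage = nacl_coverage(resources)
    failed = sorted(n for n, subnets in coverage.items() if not subnets)
    covered = set().union(*coverage.values())
    subnets = {f'aws_subnet.{r["name"]}' for r in resources if r["type"] == "aws_subnet"}
    return {"failed_nacls": failed, "subnets_on_default_nacl": sorted(subnets - covered)}
```

Running check_ckv2_aws_1(SAMPLE_RESOURCES) flags aws_network_acl.acl_unused and also points out that aws_subnet.orphan is left on the default NACL.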