Ensure all NACL are attached to subnets
Error: Not all NACL are attached to subnets
Bridgecrew Policy ID: BC_AWS_NETWORKING_50
Checkov Check ID: CKV2_AWS_1
Severity: LOW
Not all NACL are attached to subnets
Description
Network Access Control Lists (NACLs) are used to allow or deny traffic to and from subnets in a Virtual Private Cloud (VPC) in Amazon Web Services (AWS). It's important to ensure that all NACLs are attached to subnets because this allows you to set specific rules for controlling inbound and outbound traffic for those subnets. This can help to improve the security and connectivity of your VPC by allowing you to specify which traffic is allowed to enter or leave your subnets.
Fix - Buildtime
Terraform
- Resource: aws_vpc, aws_network_acl, aws_subne
- Argument: subnet_ids of aws_network_acl
resource "aws_vpc" "ok_vpc" {
cidr_block = "10.0.0.0/16"
}
resource "aws_subnet" "main" {
vpc_id = aws_vpc.ok_vpc.id
cidr_block = "10.0.1.0/24"
}
resource "aws_subnet" "main" {
cidr_block = "10.0.1.0/24"
}
resource "aws_network_acl" "acl_ok" {
vpc_id = aws_vpc.ok_vpc.id
subnet_ids = [aws_subnet.main.id]
}
Updated 3 months ago