Ensure AWS EC2 instance is configured with VPC

Error: AWS EC2 instance is not configured with VPC

Bridgecrew Policy ID: BC_AWS_NETWORKING_47
Checkov Check ID: CKV2_AWS_17
Severity: MEDIUM

Description

Using the EC2-VPC platform for launching your EC2 instances instead of EC2-Classic brings several advantages:
  • Better networking infrastructure (network isolation, Elastic Network Interfaces, subnets)
  • More flexible security controls (network ACLs, security groups with outbound/egress filtering)
  • Access to newer and more powerful instance types (C4, M4, T2, etc.)
  • Capability to run instances on single-tenant hardware

Fix - Buildtime

Terraform

  • Resource: aws_vpc, aws_subnet, aws_network_interface, aws_instance
  • Argument: network_interface of aws_instance

resource "aws_vpc" "my_vpc" {
  cidr_block = "172.16.0.0/16"

  tags = {
    Name = "tf-example"
  }
}

resource "aws_subnet" "my_subnet" {
  vpc_id            = aws_vpc.my_vpc.id
  cidr_block        = "172.16.10.0/24"
  availability_zone = "us-west-2a"

  tags = {
    Name = "tf-example"
  }
}

resource "aws_network_interface" "network_interface_ok" {
  subnet_id   = aws_subnet.my_subnet.id
  private_ips = ["172.16.10.100"]

  tags = {
    Name = "primary_network_interface"
  }
}

resource "aws_instance" "foo" {
  ami           = "ami-005e54dee72cc1d00" # us-west-2
  instance_type = "t2.micro"

  network_interface {
    network_interface_id = aws_network_interface.network_interface_ok.id
    device_index         = 0
  }

  credit_specification {
    cpu_credits = "unlimited"
  }
}
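The following is an added example and not part of this page or of Checkov's own implementation: a simplified Python model of what this check must verify, namely that each aws_instance reaches an aws_vpc either directly through subnet_id or through a network_interface whose ENI sits in a subnet of that VPC. Resources are modelled as Terraform-JSON-style nested dicts and references as plain `type.name.id` strings; the instance names `bar` and `classic` are constructed failing/passing cases added for contrast.

```python
import re
from typing import Any, Dict, Optional

# Constructed sample, nested as {resource_type: {resource_name: attributes}}.
# "foo" mirrors the page's passing example; "bar" passes via subnet_id;
# "classic" has no VPC attachment at all and must fail the check.
RESOURCES: Dict[str, Dict[str, Dict[str, Any]]] = {
    "aws_vpc": {"my_vpc": {"cidr_block": "172.16.0.0/16"}},
    "aws_subnet": {"my_subnet": {"vpc_id": "aws_vpc.my_vpc.id",
                                 "cidr_block": "172.16.10.0/24"}},
    "aws_network_interface": {"network_interface_ok": {"subnet_id": "aws_subnet.my_subnet.id"}},
    "aws_instance": {
        "foo": {"network_interface": [
            {"network_interface_id": "aws_network_interface.network_interface_ok.id",
             "device_index": 0}]},
        "bar": {"subnet_id": "aws_subnet.my_subnet.id"},
        "classic": {"ami": "ami-005e54dee72cc1d00", "instance_type": "t2.micro"},
    },
}

# Assumed reference shape: "<type>.<name>.id" (Terraform attribute reference).
REF = re.compile(r"^(\w+)\.(\w+)\.id$")

def resolve(resources: Dict, ref: Any, expected_type: str) -> Optional[Dict[str, Any]]:
    """Return the attributes of the resource `ref` points to, if it is of expected_type."""
    m = REF.match(str(ref))
    if not m or m.group(1) != expected_type:
        return None
    return resources.get(expected_type, {}).get(m.group(2))

def subnet_in_vpc(resources: Dict, subnet_ref: Any) -> bool:
    """True when subnet_ref resolves to an aws_subnet whose vpc_id resolves to an aws_vpc."""
    subnet = resolve(resources, subnet_ref, "aws_subnet")
    return subnet is not None and resolve(resources, subnet.get("vpc_id"), "aws_vpc") is not None

def instance_in_vpc(resources: Dict, inst: Dict[str, Any]) -> bool:
    """Path 1: subnet_id -> subnet -> vpc. Path 2: network_interface -> ENI -> subnet -> vpc."""
    if subnet_in_vpc(resources, inst.get("subnet_id")):
        return True
    for ni in inst.get("network_interface", []):
        eni = resolve(resources, ni.get("network_interface_id"), "aws_network_interface")
        if eni is not None and subnet_in_vpc(resources, eni.get("subnet_id")):
            return True
    return False

def run_check(resources: Dict) -> Dict[str, str]:
    """Evaluate every aws_instance; returns {name: "PASSED" | "FAILED"}."""
    return {name: "PASSED" if instance_in_vpc(resources, attrs) else "FAILED"
            for name, attrs in resources.get("aws_instance", {}).items()}
```

A dangling reference (a subnet_id pointing at a subnet that is not declared, or a subnet without a vpc_id) is treated as a failure rather than silently passing.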