Ensure VPC endpoint service is configured for manual acceptance

Error: VPC endpoint service is not configured for manual acceptance

Bridgecrew Policy ID: BC_AWS_NETWORKING_39
Checkov Check ID: CKV_AWS_123
Severity: LOW

Description

Configuring your VPC endpoint service for manual acceptance is recommended because it lets you review and manually approve or reject each incoming connection request before the requester can connect to your VPC. This is useful for security, because it gives you the ability to review and control which resources are able to connect to your VPC.

By default, VPC endpoint services are configured for automatic acceptance, so every incoming connection request is accepted and allowed to connect to your VPC without review. Configuring your VPC endpoint service for manual acceptance lets you selectively approve or reject incoming connection requests, giving you more control over who can access your VPC.

Fix - Buildtime

Terraform

  • Resource: aws_vpc_endpoint_service
  • Argument: acceptance_required

resource "aws_vpc_endpoint_service" "example" {
  ...
+ acceptance_required        = true
  network_load_balancer_arns = [aws_lb.example.arn]
}

CloudFormation

  • Resource: AWS::EC2::VPCEndpointService
  • Argument: Properties.AcceptanceRequired

Type: AWS::EC2::VPCEndpointService
Properties:
  ...
+ AcceptanceRequired: true
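The following is an added example (not Checkov's own implementation) of the condition this check evaluates, run against constructed Terraform and CloudFormation resource dicts shaped like the parsed input a Checkov resource check receives: the 'before' of the fix above fails, the fixed form passes, and a missing or non-true argument is treated as a failure.

```python
# Added example, not Checkov's own code: evaluate the CKV_AWS_123 condition
# on parsed resources. Checkov hands Terraform checks a dict whose values
# are lists (e.g. {"acceptance_required": [True]}); CloudFormation checks
# see the resource dict with its "Properties" mapping. Samples are constructed.

PASSED, FAILED = "PASSED", "FAILED"


def scan_terraform_endpoint_service(conf: dict) -> str:
    """Return PASSED only when acceptance_required is explicitly true."""
    values = conf.get("acceptance_required", [])
    # A missing argument or any value other than boolean true fails:
    # the scanner does not assume a safe default on the user's behalf.
    return PASSED if values and values[0] is True else FAILED


def scan_cfn_endpoint_service(resource: dict) -> str:
    """Return PASSED only when Properties.AcceptanceRequired is true."""
    props = resource.get("Properties") or {}
    value = props.get("AcceptanceRequired")
    # Templates may carry the flag as a YAML bool or as the string "true";
    # both are accepted, everything else (including absence) is rejected.
    if value is True or (isinstance(value, str) and value.lower() == "true"):
        return PASSED
    return FAILED


# Constructed samples: the 'before' of the fix and the fixed form.
TF_BEFORE = {
    "acceptance_required": [False],
    "network_load_balancer_arns": [["${aws_lb.example.arn}"]],
}
TF_AFTER = {
    "acceptance_required": [True],
    "network_load_balancer_arns": [["${aws_lb.example.arn}"]],
}
CFN_BEFORE = {"Type": "AWS::EC2::VPCEndpointService", "Properties": {}}
CFN_AFTER = {
    "Type": "AWS::EC2::VPCEndpointService",
    "Properties": {"AcceptanceRequired": True},
}

if __name__ == "__main__":
    print("terraform before:", scan_terraform_endpoint_service(TF_BEFORE))
    print("terraform after:", scan_terraform_endpoint_service(TF_AFTER))
    print("cloudformation before:", scan_cfn_endpoint_service(CFN_BEFORE))
    print("cloudformation after:", scan_cfn_endpoint_service(CFN_AFTER))
```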