Ensure VPC endpoint service is configured for manual acceptance
Error: VPC endpoint service is not configured for manual acceptance
Bridgecrew Policy ID: BC_AWS_NETWORKING_39
Checkov Check ID: CKV_AWS_123
Severity: LOW
VPC endpoint service is not configured for manual acceptance
Description
Configuring your VPC endpoint service for manual acceptance is recommended because it allows you to review and manually approve or reject incoming connection requests to your VPC. This can be useful for security purposes, as it gives you the ability to review and control which resources are able to connect to your VPC.
By default, VPC endpoint services are configured for automatic acceptance, which means that all incoming connection requests are automatically accepted and allowed to connect to your VPC. Configuring your VPC endpoint service for manual acceptance allows you to review and selectively approve or reject incoming connection requests, giving you more control over who can access your VPC.
Fix - Buildtime
Terraform
- Resource: aws_vpc_endpoint_service
- Argument: acceptance_required
resource "aws_vpc_endpoint_service" "example" {
...
+ acceptance_required = true
network_load_balancer_arns = [aws_lb.example.arn]
}
CloudFormation
- Resource: AWS::EC2::VPCEndpointService
- Argument: Properties.AcceptanceRequired
Type: AWS::EC2::VPCEndpointService
Properties:
...
+ AcceptanceRequired: true
Updated about 1 month ago