Do not use default settings of a VPC
Error: Uses default settings of a VPC
Bridgecrew Policy ID: BC_AWS_NETWORKING_27
A default VPC is a virtual network that AWS creates automatically in every region for your account (accounts created after 4 December 2013 get one per region). It ships with a public subnet in each Availability Zone, an internet gateway with a route to it in the main route table, and public IPv4 addresses assigned to instances at launch; any EC2 instance launched without an explicit subnet lands there with a public address. These defaults leave no room for private subnets, so they are unsuitable for multi-tier architectures in which only the front tier should be reachable from the internet.
We recommend that you create a non-default, hardened VPC tailored to your application's networking requirements, and that you remove unused default VPCs so that resources cannot land in them by accident.
Fix - Runtime
- To find the default VPC in a region, run the describe-vpcs command with a query that returns only the VPC flagged as the default (repeat this for every region you use, because each region has its own default VPC):
aws ec2 describe-vpcs --region us-east-1 --query 'Vpcs[?IsDefault==`true`].VpcId'
- The command output should return the requested VPC identifier.
- Run the describe-instances command using the ID returned in the previous step (vpc-a01106c2 in this example) as a filter, with a query that returns only the instance IDs:
aws ec2 describe-instances --region us-east-1 --filters "Name=vpc-id,Values=vpc-a01106c2" --query 'Reservations[*].Instances[*].InstanceId'
- The command output should return the identifiers of the EC2 instances launched within the default VPC, or an empty array if there are none. Terminated instances still appear until AWS removes them; add "Name=instance-state-name,Values=running,stopped,pending,stopping" to the filters to see only live ones.
- To remove a default VPC that is not in use, run the delete-vpc command in the same region:
aws ec2 delete-vpc --region us-east-1 --vpc-id vpc-a01106c2
You must terminate or move every instance and detach or delete every gateway and other dependent resource (subnets, internet gateway, NAT gateways, network interfaces, VPC endpoints, non-default security groups) before the VPC can be deleted; otherwise the call fails with a DependencyViolation error. The default security group, main route table and default network ACL cannot be deleted on their own and are removed together with the VPC. Deleting the default VPC is a one-way operation for the resources inside it, but the VPC itself can be recreated later with the create-default-vpc command if you ever need it again.
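The three runtime steps above, combined into one script, as an added example that is not part of the Bridgecrew page: it locates the default VPC in one region, refuses to touch it while live EC2 instances remain, and otherwise removes the internet gateway and subnets that block delete-vpc before deleting the VPC. It assumes the AWS CLI v2 is on PATH with credentials configured; the AWS variable is a hypothetical hook so that a stub command can stand in for the CLI in a dry run.

```shell
#!/bin/sh
# Added example, not Bridgecrew's own tooling. Removes the unused default VPC
# in $REGION. Assumes AWS CLI v2 and credentials; AWS may point at a stub
# command for dry runs.
set -eu

REGION="${REGION:-us-east-1}"
AWS="${AWS:-aws}"

# Print the ID of the default VPC in $REGION, or nothing if there is none.
default_vpc_id() {
  "$AWS" ec2 describe-vpcs --region "$REGION" \
    --filters Name=isDefault,Values=true \
    --query 'Vpcs[].VpcId' --output text
}

# Print the IDs of non-terminated instances inside the VPC given as $1.
instances_in_vpc() {
  "$AWS" ec2 describe-instances --region "$REGION" \
    --filters "Name=vpc-id,Values=$1" \
      "Name=instance-state-name,Values=pending,running,stopping,stopped" \
    --query 'Reservations[].Instances[].InstanceId' --output text
}

# Remove the dependencies a fresh default VPC has, in dependency order, then
# the VPC itself. The main route table, default security group and default
# network ACL go away with the VPC. Anything else (NAT gateways, ENIs, VPC
# endpoints, custom security groups) must be removed by hand first, or
# delete-vpc fails with DependencyViolation and nothing is lost.
teardown_vpc() {
  vpc="$1"
  for igw in $("$AWS" ec2 describe-internet-gateways --region "$REGION" \
      --filters "Name=attachment.vpc-id,Values=$vpc" \
      --query 'InternetGateways[].InternetGatewayId' --output text); do
    "$AWS" ec2 detach-internet-gateway --region "$REGION" \
      --internet-gateway-id "$igw" --vpc-id "$vpc"
    "$AWS" ec2 delete-internet-gateway --region "$REGION" \
      --internet-gateway-id "$igw"
  done
  for subnet in $("$AWS" ec2 describe-subnets --region "$REGION" \
      --filters "Name=vpc-id,Values=$vpc" \
      --query 'Subnets[].SubnetId' --output text); do
    "$AWS" ec2 delete-subnet --region "$REGION" --subnet-id "$subnet"
  done
  "$AWS" ec2 delete-vpc --region "$REGION" --vpc-id "$vpc"
}

# Exit status: 0 deleted, 1 still in use (nothing touched), 2 no default VPC.
cleanup_default_vpc() {
  vpc=$(default_vpc_id)
  if [ -z "$vpc" ] || [ "$vpc" = "None" ]; then
    echo "no default VPC in $REGION"
    return 2
  fi
  inuse=$(instances_in_vpc "$vpc")
  if [ -n "$inuse" ] && [ "$inuse" != "None" ]; then
    echo "default VPC $vpc still hosts instances: $inuse"
    return 1
  fi
  teardown_vpc "$vpc"
  echo "deleted default VPC $vpc in $REGION"
}

# Only act when invoked directly with --delete, so sourcing the file or
# running it without the flag changes nothing.
if [ "${1:-}" = "--delete" ]; then
  cleanup_default_vpc
fi
```

Run it as REGION=us-east-1 sh default_vpc.sh --delete once per region. The in-use check deliberately blocks rather than terminating instances: if anything still lives in the default VPC, the right fix is to move it into a hardened VPC, not to delete it from here. Should you later need a default VPC again, aws ec2 create-default-vpc recreates it.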