Project Description
Identify and remove default VPCs.
Summary:
AWS creates a default Internet-facing VPC in every region. When launching new instances and other resources, if not otherwise specified it will launch into this network and potentially have Internet access. Removing the default VPC reduces the risk of inadvertently launching something with Internet access, and requires administrators and others to only use approved VPCs. Default VPCs are also commonly leveraged in attacks when the attacker is able to run their own resources.
Supported Issue Types:
A default VPC was found
- A default VPC was found in the region _ region name_.
Supported Actions:
- Remove the VPC
Platform:
Related Articles
Forming the Cloud Security Center of Excellence
We spend a lot of time talking to cloud security professionals, basically trying to figure out the best ways to get their jobs done in largely uncharted territory. Cloud technology is evolving at an unprecedented [...]
Consolidating Config Guardrails with Aggregators
In Quick and Dirty: Building an S3 guardrail with Config we highlighted one of the big problems with Config: you need to set it up in each region of each account. Your best bet to make [...]
