Identify and remove default VPCs.
AWS creates a default Internet-facing VPC in every region. When new instances and other resources are launched without a VPC specified, they land in this network and may have Internet access. Removing the default VPC reduces the risk of inadvertently launching something with Internet access, and forces administrators and others to use only approved VPCs. Default VPCs are also commonly used by attackers who gain the ability to run their own resources in an account.
Supported Issue Types:
A default VPC was found
- A default VPC was found in the region _region name_.
- Remove the VPC
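An added example (not the page's own tooling) of the identify-and-remove step: a boto3 script that walks every enabled region, reports default VPCs, and, only when `delete=True`, removes each one in dependency order (subnets, then detach and delete the internet gateway, then the VPC). The sample response dicts are constructed, and `audit_regions` assumes credentials with EC2 describe and delete permissions.

```python
"""Find default VPCs in every AWS region and optionally delete them. The pure
helpers take describe_* response dicts and run offline; only audit_regions() calls AWS."""


def default_vpc_ids(describe_vpcs_response):
    """Return the IDs of VPCs flagged IsDefault in a DescribeVpcs response."""
    return [v["VpcId"] for v in describe_vpcs_response.get("Vpcs", [])
            if v.get("IsDefault")]


def deletion_plan(vpc_id, subnets_response, igws_response):
    """Order the EC2 calls that must precede delete_vpc: subnets first, then
    detach and delete the internet gateway. The default security group, route
    table and network ACL are removed together with the VPC itself."""
    plan = [("delete_subnet", {"SubnetId": s["SubnetId"]})
            for s in subnets_response.get("Subnets", [])]
    for igw in igws_response.get("InternetGateways", []):
        igw_id = igw["InternetGatewayId"]
        plan.append(("detach_internet_gateway",
                     {"InternetGatewayId": igw_id, "VpcId": vpc_id}))
        plan.append(("delete_internet_gateway", {"InternetGatewayId": igw_id}))
    plan.append(("delete_vpc", {"VpcId": vpc_id}))
    return plan


def audit_regions(delete=False):
    """Walk every enabled region and return {region: [default VPC ids]}.
    With delete=True, run the deletion plan for each one. delete_vpc raises
    DependencyViolation if instances, ENIs or endpoints still live there;
    that error is left to surface rather than force-removing workloads."""
    import boto3  # imported here so the offline helpers need no SDK
    home = boto3.client("ec2", region_name="us-east-1")
    found = {}
    for r in home.describe_regions()["Regions"]:
        ec2 = boto3.client("ec2", region_name=r["RegionName"])
        for vpc_id in default_vpc_ids(ec2.describe_vpcs()):
            found.setdefault(r["RegionName"], []).append(vpc_id)
            if delete:
                subnets = ec2.describe_subnets(
                    Filters=[{"Name": "vpc-id", "Values": [vpc_id]}])
                igws = ec2.describe_internet_gateways(
                    Filters=[{"Name": "attachment.vpc-id", "Values": [vpc_id]}])
                for action, kwargs in deletion_plan(vpc_id, subnets, igws):
                    getattr(ec2, action)(**kwargs)
    return found


# Constructed sample responses (not real account data) for an offline dry run.
SAMPLE_VPCS = {"Vpcs": [{"VpcId": "vpc-0default0", "IsDefault": True},
                        {"VpcId": "vpc-0custom00", "IsDefault": False}]}
SAMPLE_SUBNETS = {"Subnets": [{"SubnetId": "subnet-0a"}, {"SubnetId": "subnet-0b"}]}
SAMPLE_IGWS = {"InternetGateways": [{"InternetGatewayId": "igw-0default"}]}
```

Run `audit_regions()` first for a read-only report of which regions still carry a default VPC; `deletion_plan` can be inspected offline against the sample dicts before anything is deleted.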