Instances with Direct Connect virtual interface should not have public interfaces
Ensure that EC2 instances in VPCs connected through a Direct Connect virtual interface do not have public network interfaces
Risk Level: Critical
Cloud Entity: Amazon EC2 Instance
CloudGuard Rule ID: D9.AWS.NET.27
Covered by Spectral: No
Category: Compute
GSL LOGIC
Instance where vpc.vpnGateways contain [directConnectVirtualInterfaces] should have isPublic=false
REMEDIATION
From Portal
- Log in to the AWS Management Console.
- Open the Direct Connect service and go to the Virtual interfaces tab.
- For each private virtual interface, note the virtual private gateway it terminates on and the VPC that gateway is attached to; then check whether any EC2 instance in that VPC has a public IP address (a public virtual interface does not attach to a VPC and should not be used for VPC connectivity).
- Remove public addressing from those instances (or place them in private subnets) so that a host reachable over Direct Connect is not also reachable from the public internet, and use private virtual interfaces for VPC connectivity.
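The following script is an added example, not CloudGuard's rule engine or any AWS-provided tool. It implements the GSL logic above (instances whose VPC is attached to a virtual private gateway terminating a Direct Connect virtual interface must not be public) and the manual verification steps, over constructed sample data shaped like the boto3 responses of `ec2.describe_instances`, `ec2.describe_vpn_gateways` and `directconnect.describe_virtual_interfaces`. Assumptions: `isPublic` is read as "the instance has a public IPv4 address on any interface", and only VIFs attached directly to a virtual private gateway are mapped to VPCs (VIFs that reach VPCs through a Direct Connect gateway association are not covered). The instance, gateway and VIF identifiers are invented.

```python
"""Offline evaluation of the CloudGuard rule D9.AWS.NET.27 logic.

The three SAMPLE_* lists are constructed illustrative data in the shape of the
corresponding boto3 API responses; they are not output from a real account.
"""
from __future__ import annotations

from typing import Iterable

SAMPLE_VIRTUAL_INTERFACES = [
    # Private VIF terminating on a virtual private gateway (the case the rule covers).
    {"virtualInterfaceId": "dxvif-aaaa1111", "virtualInterfaceType": "private",
     "virtualInterfaceState": "available", "virtualGatewayId": "vgw-0a1b2c3d"},
    # Public VIF: reaches AWS public endpoints, never attaches to a VPC.
    {"virtualInterfaceId": "dxvif-bbbb2222", "virtualInterfaceType": "public",
     "virtualInterfaceState": "available"},
]
SAMPLE_VPN_GATEWAYS = [
    {"VpnGatewayId": "vgw-0a1b2c3d", "State": "available",
     "VpcAttachments": [{"State": "attached", "VpcId": "vpc-dx000001"}]},
    # Gateway with no Direct Connect VIF (e.g. used only for a Site-to-Site VPN).
    {"VpnGatewayId": "vgw-0e4f5a6b", "State": "available",
     "VpcAttachments": [{"State": "attached", "VpcId": "vpc-site2vpn"}]},
]
SAMPLE_INSTANCES = [
    {"InstanceId": "i-0bad00000000001", "VpcId": "vpc-dx000001",
     "PublicIpAddress": "203.0.113.10",
     "NetworkInterfaces": [{"Association": {"PublicIp": "203.0.113.10"}}]},
    {"InstanceId": "i-0ok000000000002", "VpcId": "vpc-dx000001",
     "NetworkInterfaces": [{"PrivateIpAddress": "10.20.1.5"}]},
    {"InstanceId": "i-0oth00000000003", "VpcId": "vpc-site2vpn",
     "PublicIpAddress": "203.0.113.20", "NetworkInterfaces": []},
]


def public_virtual_interfaces(virtual_interfaces: Iterable[dict]) -> list[str]:
    """IDs of public VIFs: the manual step 'verify if any public VIF exists'."""
    return sorted(v["virtualInterfaceId"] for v in virtual_interfaces
                  if v.get("virtualInterfaceType") == "public")


def vpcs_reached_over_direct_connect(virtual_interfaces: Iterable[dict],
                                     vpn_gateways: Iterable[dict]) -> set[str]:
    """VPCs attached to a virtual private gateway that terminates a DX VIF."""
    dx_vgws = {v["virtualGatewayId"] for v in virtual_interfaces if v.get("virtualGatewayId")}
    vpcs: set[str] = set()
    for vgw in vpn_gateways:
        if vgw["VpnGatewayId"] not in dx_vgws:
            continue
        for att in vgw.get("VpcAttachments", []):
            if att.get("State") == "attached":
                vpcs.add(att["VpcId"])
    return vpcs


def is_public(instance: dict) -> bool:
    """Assumed meaning of isPublic: a public IPv4 address on the instance or any ENI."""
    if instance.get("PublicIpAddress"):
        return True
    return any(eni.get("Association", {}).get("PublicIp")
               for eni in instance.get("NetworkInterfaces", []))


def find_violations(instances: Iterable[dict], virtual_interfaces: Iterable[dict],
                    vpn_gateways: Iterable[dict]) -> list[str]:
    """Instance IDs that violate the rule: in a DX-reachable VPC and public."""
    dx_vpcs = vpcs_reached_over_direct_connect(virtual_interfaces, vpn_gateways)
    return sorted(i["InstanceId"] for i in instances
                  if i.get("VpcId") in dx_vpcs and is_public(i))


def collect_live() -> tuple[list[dict], list[dict], list[dict]]:
    """Fetch the same three data sets from a real account with boto3 (not run here)."""
    import boto3  # imported lazily so the offline check needs no credentials
    ec2 = boto3.client("ec2")
    dx = boto3.client("directconnect")
    instances = [i for page in ec2.get_paginator("describe_instances").paginate()
                 for r in page["Reservations"] for i in r["Instances"]]
    vgws = ec2.describe_vpn_gateways()["VpnGateways"]
    vifs = dx.describe_virtual_interfaces()["virtualInterfaces"]
    return instances, vifs, vgws


if __name__ == "__main__":
    print("public VIFs:", public_virtual_interfaces(SAMPLE_VIRTUAL_INTERFACES))
    print("violations:", find_violations(SAMPLE_INSTANCES, SAMPLE_VIRTUAL_INTERFACES,
                                         SAMPLE_VPN_GATEWAYS))
```

On the sample data only `i-0bad00000000001` is reported: it is public and sits in the VPC attached to the gateway carrying the private VIF, while the public instance in `vpc-site2vpn` is out of scope because that gateway has no Direct Connect VIF. Replace the sample lists with the tuple returned by `collect_live()` to run the same logic against an account.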
References
- https://docs.aws.amazon.com/directconnect/latest/UserGuide/WorkingWithVirtualInterfaces.html
- For creating private virtual interface: https://docs.aws.amazon.com/directconnect/latest/UserGuide/create-vif.html
Amazon EC2 Instance
Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers.
Compliance Frameworks
- AWS CIS Controls V 8
- AWS CSA CCM v.4.0.1
- AWS CloudGuard Best Practices
- AWS CloudGuard CheckUp
- AWS CloudGuard SOC2 based on AICPA TSC 2017
- AWS CloudGuard Well Architected Framework
- AWS HITRUST
- AWS HITRUST v11.0.0
- AWS ISO27001:2022
- AWS ITSG-33
- AWS MAS TRM Framework
- AWS MITRE ATT&CK Framework v10
- AWS MITRE ATT&CK Framework v11.3
- AWS NIST 800-53 Rev 5
- CloudGuard AWS All Rules Ruleset
- CloudGuard AWS Default Ruleset
Updated about 1 year ago