Ensure VPC Endpoint has a name tag
To keep control of your VPC environment, every component should carry a meaningful name; a Name tag is what makes a VPC endpoint identifiable in the console, in CLI output, and in audit findings.
Risk Level: Low
Cloud Entity: Amazon VPC Endpoints
CloudGuard Rule ID: D9.AWS.OPE.16
Covered by Spectral: Yes
Category: Networking & Content Delivery
GSL LOGIC
VpcEndpoint should have tags contain [key like '%Name%']
REMEDIATION
From Portal
Perform the following to set a Name tag on your VPC Endpoint:
- Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
- In the navigation pane, choose VPC Endpoints.
- Choose the VPC Endpoint for which to add or edit tags.
- Choose the Tags tab in the lower part of the page.
- Choose Manage tags.
- Choose Add new tag.
- Enter a Key and Value for the tag.
- Choose Save.
From TF
# Attach a Name tag to an existing VPC endpoint (replace the placeholders).
resource "aws_ec2_tag" "example" {
  resource_id = "VPC_Endpoint_id" # ID of the VPC endpoint, e.g. the vpce-... value
  key         = "Name"            # the rule checks for a tag key containing "Name"
  value       = "tag_value"       # a meaningful, human-readable name
}
From Command Line
aws ec2 create-tags --resources Endpoint_ID --tags Key=Name,Value=tag_value
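The following script is an added example, not CloudGuard's or AWS's code. It applies the rule's GSL predicate (a tag whose key matches `%Name%`, treated here as a substring match, which is an assumption about GSL's `like` semantics) to the JSON shape returned by `aws ec2 describe-vpc-endpoints`, lists the endpoints that would be flagged, and builds the matching `aws ec2 create-tags` remediation call for each one. The endpoint IDs, VPC IDs and tags in the sample are constructed for the example.

```python
"""Evaluate 'VPC Endpoint has a Name tag' over describe-vpc-endpoints output.

Added example (not CloudGuard's or AWS's code). Mirrors the GSL line
    VpcEndpoint should have tags contain [key like '%Name%']
and produces the page's create-tags remediation for each failing endpoint.
"""
import json
from typing import Any

# Constructed sample in the shape of `aws ec2 describe-vpc-endpoints` output (trimmed).
# All identifiers and tag values are made up for this example.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "VpcEndpoints": [
        {"VpcEndpointId": "vpce-0aaa000000000001", "VpcId": "vpc-0111",
         "ServiceName": "com.amazonaws.us-east-1.s3",
         "Tags": [{"Key": "Name", "Value": "prod-s3-gateway"},
                  {"Key": "env", "Value": "prod"}]},            # has Name -> passes
        {"VpcEndpointId": "vpce-0aaa000000000002", "VpcId": "vpc-0111",
         "ServiceName": "com.amazonaws.us-east-1.ssm",
         "Tags": [{"Key": "env", "Value": "prod"}]},            # no Name tag -> finding
        {"VpcEndpointId": "vpce-0aaa000000000003", "VpcId": "vpc-0222",
         "ServiceName": "com.amazonaws.us-east-1.ec2"},         # no Tags key at all -> finding
        {"VpcEndpointId": "vpce-0aaa000000000004", "VpcId": "vpc-0222",
         "ServiceName": "com.amazonaws.us-east-1.logs",
         "Tags": [{"Key": "ServiceName", "Value": "logs"}]},    # key contains 'Name' -> passes
    ]
})


def has_name_tag(endpoint: dict[str, Any]) -> bool:
    """GSL predicate `tags contain [key like '%Name%']`.

    '%Name%' is a wildcard pattern, so any key containing 'Name' satisfies it,
    including keys such as 'ServiceName' (assumption: case-sensitive match).
    """
    return any("Name" in tag.get("Key", "") for tag in endpoint.get("Tags", []))


def endpoints_missing_name_tag(describe_output: str) -> list[str]:
    """Return the IDs of endpoints that fail the rule, given describe-vpc-endpoints JSON."""
    data = json.loads(describe_output)
    return [ep["VpcEndpointId"] for ep in data.get("VpcEndpoints", []) if not has_name_tag(ep)]


def suggested_name(endpoint: dict[str, Any]) -> str:
    """Derive a readable default Name from VPC and service, e.g. 'vpc-0111-ssm-endpoint'."""
    service = endpoint.get("ServiceName", "unknown").rsplit(".", 1)[-1]
    return f"{endpoint.get('VpcId', 'vpc')}-{service}-endpoint"


def remediation_command(endpoint_id: str, name: str) -> list[str]:
    """Build the page's `aws ec2 create-tags` remediation as an argv list."""
    return ["aws", "ec2", "create-tags", "--resources", endpoint_id,
            "--tags", f"Key=Name,Value={name}"]


def plan_remediation(describe_output: str) -> list[list[str]]:
    """One create-tags command per endpoint that lacks a Name tag."""
    data = json.loads(describe_output)
    return [remediation_command(ep["VpcEndpointId"], suggested_name(ep))
            for ep in data.get("VpcEndpoints", []) if not has_name_tag(ep)]


if __name__ == "__main__":
    # In practice feed this the real output:
    #   aws ec2 describe-vpc-endpoints > endpoints.json
    for cmd in plan_remediation(SAMPLE_DESCRIBE_OUTPUT):
        print(" ".join(cmd))
```

The fourth sample endpoint shows a caveat worth knowing when reading findings: because the GSL pattern is `%Name%` rather than an exact `Name`, a key such as `ServiceName` satisfies the rule even though the endpoint has no actual Name tag. If you want the stricter check for your own tooling, compare `tag["Key"] == "Name"` instead.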
References
- https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html
- https://docs.aws.amazon.com/vpc/latest/privatelink/create-endpoint-service.html
- https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/create-tags.html
- https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_tag
Amazon VPC Endpoints
A VPC endpoint enables private connections between your VPC and supported AWS services and VPC endpoint services powered by AWS PrivateLink. AWS PrivateLink is a technology that enables you to privately access services by using private IP addresses. Traffic between your VPC and the other service does not leave the Amazon network. A VPC endpoint does not require an internet gateway, virtual private gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service.
Compliance Frameworks
- AWS CloudGuard Best Practices
- AWS CloudGuard SOC2 based on AICPA TSC 2017
- AWS HITRUST
- AWS HITRUST v11.0.0
- AWS ITSG-33
- AWS NIST 800-53 Rev 5
- CloudGuard AWS All Rules Ruleset