Ensure that address source/destination check is enabled on the instance

The source/destination check drops traffic that the instance is neither the source nor the destination of, which helps prevent spoofing or interception of traffic. Ignore this issue if you are deploying a NAT instance, which requires this setting to be disabled.

Risk Level: Low
Cloud Entity: Amazon EC2 Instance
CloudGuard Rule ID: D9.CFT.NET.07
Covered by Spectral: Yes
Category: Compute

GSL LOGIC

AWS_EC2_Instance should not have SourceDestCheck=false

REMEDIATION

From CFT
Set AWS::EC2::Instance SourceDestCheck property to 'true' or remove the property
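As an added illustration (not CloudGuard's own implementation), the following Python applies the rule's logic to a JSON-format CloudFormation template and then applies the remediation. The template is constructed for this example; the resource names and the assumption that the template is JSON rather than YAML are mine.

```python
import json

# Constructed sample template: one instance disables the check, one leaves it at
# the default, one sets it explicitly to true.
SAMPLE_TEMPLATE = json.dumps({
    "Resources": {
        "AppServer": {
            "Type": "AWS::EC2::Instance",
            "Properties": {"ImageId": "ami-EXAMPLE", "SourceDestCheck": False},
        },
        "LogServer": {
            "Type": "AWS::EC2::Instance",
            "Properties": {"ImageId": "ami-EXAMPLE"},
        },
        "Bastion": {
            "Type": "AWS::EC2::Instance",
            "Properties": {"ImageId": "ami-EXAMPLE", "SourceDestCheck": "true"},
        },
        "AppBucket": {"Type": "AWS::S3::Bucket"},
    }
})


def _is_false(value):
    # CloudFormation accepts both a JSON boolean and the string "false".
    return value is False or (isinstance(value, str) and value.lower() == "false")


def find_source_dest_check_violations(template_text):
    """Return logical IDs of AWS::EC2::Instance resources with SourceDestCheck=false
    (the GSL rule 'AWS_EC2_Instance should not have SourceDestCheck=false')."""
    template = json.loads(template_text)
    return sorted(
        name
        for name, res in template.get("Resources", {}).items()
        if res.get("Type") == "AWS::EC2::Instance"
        and _is_false(res.get("Properties", {}).get("SourceDestCheck"))
    )


def remediate(template_text):
    """Remove the offending property so the instance falls back to the default (true)."""
    template = json.loads(template_text)
    for name in find_source_dest_check_violations(template_text):
        template["Resources"][name]["Properties"].pop("SourceDestCheck", None)
    return json.dumps(template)
```

Instances that intentionally act as NAT instances should be excluded from the violation list before remediating, since they need the check disabled.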

References

  1. https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Instance.html#EIP_Disable_SrcDestCheck

Amazon EC2 Instance

Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers.

Compliance Frameworks

  • AWS CloudFormation ruleset