Ensure VPC Endpoint has a name tag

To keep your VPC environment manageable, every component should carry a meaningful Name tag.

Risk Level: Low
Cloud Entity: Amazon VPC Endpoints
CloudGuard Rule ID: D9.TF.AWS.OPE.16
Covered by Spectral: No
Category: Networking & Content Delivery

GSL LOGIC

aws_vpc_endpoint should have tags.Name

REMEDIATION

Perform the following to set a Name tag to your VPC Endpoint:

From Portal

  1. Sign in to the Amazon VPC console at https://console.aws.amazon.com/vpc/
  2. Choose Endpoints
  3. Hover over the Name field of the endpoint and click the edit icon.
  4. Enter an informative and meaningful name.

From CLI
aws ec2 create-tags --resources <Endpoint ID> --tags Key=Name,Value=<Meaningful name>
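The GSL check above ("aws_vpc_endpoint should have tags.Name") and the CLI remediation can be exercised offline against the JSON that aws ec2 describe-vpc-endpoints returns. The following script is an added example, not part of this rule page or of CloudGuard: the endpoint IDs, service names and tag values in SAMPLE_DESCRIBE_OUTPUT are constructed, and the script makes one choice that is stricter than the GSL logic (a Name tag whose value is blank is reported as missing). For each non-compliant endpoint it builds the create-tags command from the REMEDIATION section.

```python
from __future__ import annotations

import json
import shlex
from typing import Any

# Constructed sample in the shape of `aws ec2 describe-vpc-endpoints` output.
# Endpoint IDs, service names and tag values are made up for this example.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "VpcEndpoints": [
        {
            "VpcEndpointId": "vpce-0a1b2c3d4e5f60001",
            "VpcEndpointType": "Gateway",
            "ServiceName": "com.amazonaws.us-east-1.s3",
            "Tags": [{"Key": "Name", "Value": "prod-s3-gateway"},
                     {"Key": "env", "Value": "prod"}],
        },
        {
            "VpcEndpointId": "vpce-0a1b2c3d4e5f60002",
            "VpcEndpointType": "Interface",
            "ServiceName": "com.amazonaws.us-east-1.ssm",
            "Tags": [{"Key": "env", "Value": "prod"}],  # tagged, but no Name
        },
        {
            "VpcEndpointId": "vpce-0a1b2c3d4e5f60003",
            "VpcEndpointType": "Interface",
            "ServiceName": "com.amazonaws.us-east-1.ec2messages",
            # no "Tags" key at all: the API omits it for untagged endpoints
        },
        {
            "VpcEndpointId": "vpce-0a1b2c3d4e5f60004",
            "VpcEndpointType": "Interface",
            "ServiceName": "com.amazonaws.us-east-1.kms",
            "Tags": [{"Key": "Name", "Value": "   "}],  # Name present but blank
        },
    ]
})


def tags_to_dict(tags: list[dict[str, str]] | None) -> dict[str, str]:
    """Flatten the AWS [{Key, Value}, ...] tag list into a plain dict."""
    return {t["Key"]: t.get("Value", "") for t in (tags or [])}


def has_name_tag(endpoint: dict[str, Any]) -> bool:
    """The GSL check 'aws_vpc_endpoint should have tags.Name', with one
    stricter twist chosen for this example: a Name whose value is only
    whitespace counts as missing, since it gives an operator nothing."""
    name = tags_to_dict(endpoint.get("Tags")).get("Name")
    return name is not None and name.strip() != ""


def find_unnamed_endpoints(describe_json: str) -> list[str]:
    """Return the IDs of every endpoint that fails has_name_tag(), in the
    order the API listed them."""
    data = json.loads(describe_json)
    return [ep["VpcEndpointId"] for ep in data.get("VpcEndpoints", [])
            if not has_name_tag(ep)]


def remediation_command(endpoint_id: str, name: str) -> str:
    """Build the create-tags command from the REMEDIATION section for one
    endpoint; shlex.quote keeps names containing spaces intact in a shell."""
    return (f"aws ec2 create-tags --resources {shlex.quote(endpoint_id)} "
            f"--tags {shlex.quote(f'Key=Name,Value={name}')}")


if __name__ == "__main__":
    for endpoint_id in find_unnamed_endpoints(SAMPLE_DESCRIBE_OUTPUT):
        print(f"{endpoint_id}: missing Name tag")
        print("  fix:", remediation_command(endpoint_id, "<Meaningful name>"))
```

To run it against a real account, replace SAMPLE_DESCRIBE_OUTPUT with the output of aws ec2 describe-vpc-endpoints --output json; review the printed commands and fill in a real name before executing any of them.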

References
https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html
CLI: https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/create-tags.html

Amazon VPC Endpoints

A VPC endpoint enables private connections between your VPC and supported AWS services and VPC endpoint services powered by AWS PrivateLink. AWS PrivateLink is a technology that enables you to privately access services by using private IP addresses. Traffic between your VPC and the other service does not leave the Amazon network. A VPC endpoint does not require an internet gateway, virtual private gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service.

Compliance Frameworks

  • Terraform AWS CIS Foundations