6.11 Ensure a route table for the public subnets is created

Information

A _route table_ contains a set of rules, called _routes_, that are used to determine where network traffic is directed.

Each subnet in your VPC must be associated with a route table; the table controls the routing for the subnet. A subnet can only be associated with one route table at a time, but you can associate multiple subnets with the same route table.
Once a route table for the public subnets is created, every subnet that should be public in the Web ELB tier can be associated with that route table.

The private subnet should only contain the default route (0.0.0.0/0) pointing to the Internet Gateway (IGW).

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Using the Amazon unified command line interface:

* Create a route table for your public subnets, and note the RouteTableId in the output:

aws ec2 create-route-table --vpc-id <application_vpc>

* Associate the new route table with the public subnets:

aws ec2 associate-route-table --route-table-id <route_table_id> --subnet-id <public_subnet1>
aws ec2 associate-route-table --route-table-id <route_table_id> --subnet-id <public_subnet2>
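To verify the result of the two steps above, the following added example (not part of the benchmark or of Nessus's check logic) audits `aws ec2 describe-route-tables --output json` output: each public subnet must have an explicit association with a route table in the application VPC whose active 0.0.0.0/0 route targets an Internet Gateway. The embedded sample data, the VPC/subnet IDs and the "explicit rather than main-table association" check are assumptions made for illustration.

```python
import json

# Constructed sample in the shape returned by `aws ec2 describe-route-tables`
# (placeholder IDs, not real account data).
SAMPLE_DESCRIBE_ROUTE_TABLES = json.dumps({
    "RouteTables": [
        {"RouteTableId": "rtb-0aaa", "VpcId": "vpc-0app",
         "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc", "State": "active"}],
         "Associations": [{"Main": False, "SubnetId": "subnet-pub1"},
                          {"Main": False, "SubnetId": "subnet-pub2"}]},
        {"RouteTableId": "rtb-0bbb", "VpcId": "vpc-0app",
         "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}],
         "Associations": [{"Main": True}]},
    ]
})


def has_igw_default_route(table):
    """True if the table carries an active 0.0.0.0/0 route whose target is an Internet Gateway."""
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and r.get("GatewayId", "").startswith("igw-")
               and r.get("State") == "active"
               for r in table.get("Routes", []))


def audit_public_subnets(describe_output, vpc_id, public_subnets):
    """Return {subnet_id: finding}. A public subnet passes when it is explicitly
    (non-main) associated with a route table in vpc_id that has an IGW default route."""
    tables = json.loads(describe_output)["RouteTables"]
    explicit = {}  # subnet id -> route table it is explicitly associated with
    for t in tables:
        if t["VpcId"] != vpc_id:
            continue
        for a in t.get("Associations", []):
            if not a.get("Main") and "SubnetId" in a:
                explicit[a["SubnetId"]] = t
    findings = {}
    for s in public_subnets:
        t = explicit.get(s)
        if t is None:
            findings[s] = "FAIL: no explicit route table association (falls back to VPC main table)"
        elif not has_igw_default_route(t):
            findings[s] = f"FAIL: {t['RouteTableId']} has no active 0.0.0.0/0 route to an IGW"
        else:
            findings[s] = f"PASS: {t['RouteTableId']}"
    return findings


if __name__ == "__main__":
    public = ["subnet-pub1", "subnet-pub2", "subnet-pub3"]
    for subnet, result in audit_public_subnets(SAMPLE_DESCRIBE_ROUTE_TABLES, "vpc-0app", public).items():
        print(subnet, result)
```

Feed it the real CLI output and the list of subnet IDs intended for the Web ELB tier; any FAIL line is a subnet the control does not cover yet.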

See Also

https://workbench.cisecurity.org/files/260

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(15)

Plugin: amazon_aws

Control ID: eafa2d52b020b9c21cfc22112285c6121f3b55f825b3a747d0a0f893bf46dbb8