6.15 Ensure Routing Table associated with App tier subnet has the default route (0.0.0.0/0) defined to allow connectivity


A _route table_ contains a set of rules, called _routes_, that are used to determine where network traffic is directed.

Each subnet in your VPC must be associated with a route table; the table controls the routing for the subnet. A subnet can only be associated with one route table at a time, but you can associate multiple subnets with the same route table.
The default route (0.0.0.0/0) should point to the NAT Gateway in order to provide outbound internet connectivity for the App tier instances without exposing them to inbound connections from the internet.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.


Using the Amazon unified command line interface:

* For the above route tables, if the default route (0.0.0.0/0) exists but it doesn't have a NAT GW configured as its target, replace it (a NAT gateway is passed with `--nat-gateway-id`; `--gateway-id` is only accepted for internet and virtual private gateways):

    aws ec2 replace-route --route-table-id _<route_table_id>_ --destination-cidr-block 0.0.0.0/0 --nat-gateway-id _<vpc_nat_gw>_

* For the above route tables, if the default route (0.0.0.0/0) doesn't exist, create it:

    aws ec2 create-route --route-table-id _<route_table_id>_ --destination-cidr-block 0.0.0.0/0 --nat-gateway-id _<vpc_nat_gw>_
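As an added example (not part of the audit text or of Nessus), the script below evaluates the JSON printed by `aws ec2 describe-route-tables` against this control and tells you which of the two remediations above applies to each table. The sample output, resource IDs and subnet names are constructed.

```python
import json

# Constructed sample shaped like `aws ec2 describe-route-tables` output
# (example data only; IDs are not from any real account).
SAMPLE_OUTPUT = json.dumps({"RouteTables": [
    {"RouteTableId": "rtb-0a1b2c3d4e5f60001",
     "Associations": [{"SubnetId": "subnet-app-a", "Main": False}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
         {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0123456789abcdef0", "State": "active"}]},
    {"RouteTableId": "rtb-0a1b2c3d4e5f60002",
     "Associations": [{"SubnetId": "subnet-app-b", "Main": False}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
         {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123456789abcdef0", "State": "active"}]},
    {"RouteTableId": "rtb-0a1b2c3d4e5f60003",
     "Associations": [{"SubnetId": "subnet-app-c", "Main": False}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
]})

DEFAULT_ROUTE = "0.0.0.0/0"

def check_default_route(route_table):
    """Classify one route table dict:
    "pass"     - default route is active and targets a NAT gateway
    "wrong_gw" - default route exists but targets something else or is a
                 blackhole (remediate with replace-route)
    "missing"  - no default route at all (remediate with create-route)
    """
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != DEFAULT_ROUTE:
            continue
        if route.get("State") != "active":          # e.g. NAT GW deleted -> blackhole
            return "wrong_gw", "blackhole"
        if route.get("NatGatewayId"):
            return "pass", route["NatGatewayId"]
        # IGW, VGW, instance, ENI, peering or TGW targets all fail the control for App tier.
        target = (route.get("GatewayId") or route.get("InstanceId")
                  or route.get("NetworkInterfaceId") or route.get("TransitGatewayId")
                  or route.get("VpcPeeringConnectionId") or "unknown")
        return "wrong_gw", target
    return "missing", "no 0.0.0.0/0 route"

def audit(describe_output_json):
    """Map RouteTableId -> (status, detail) for describe-route-tables JSON text."""
    tables = json.loads(describe_output_json)["RouteTables"]
    return {rt["RouteTableId"]: check_default_route(rt) for rt in tables}

if __name__ == "__main__":
    for rtb, (status, detail) in audit(SAMPLE_OUTPUT).items():
        print(f"{rtb}: {status} ({detail})")
```

Feed it real output with `aws ec2 describe-route-tables --filters Name=association.subnet-id,Values=<app_subnet_ids>` to restrict the check to the App tier subnets.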


Item Details


References: 800-53|SC-7(15)

Plugin: amazon_aws

Control ID: 4bf996c7c7226f773c93f7fd0d9e9954988c0e736a807669e40b638657fdf515