6.16 Ensure Routing Table associated with Data tier subnet have NO default route ( defined to allow connectivity


A _route table_ contains a set of rules, called _routes_, that are used to determine where network traffic is directed.

Each subnet in your VPC must be associated with a route table; the table controls the routing for the subnet. A subnet can only be associated with one route table at a time, but you can associate multiple subnets with the same route table.
The default route ( should not exist pointing to the NAT Gateway in order to restrict internet connectivity for the Data tier instances.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.


Using the Amazon unified command line interface:

* For the above route tables, if the default route ( exists and it has a NAT GW configured as gateway:

* aws ec2 delete-route --route-table-id _<route_table_id>_ --destination-cidr-block

See Also


Item Details


References: 800-53|SC-7(15)

Plugin: amazon_aws

Control ID: 3a4e9fa893eb4f11f87b4056b26fe4687d3581c604fb9eefd7cb2c3b108059fd