Ensure default VPC is not used for AWS VPC

MEDIUM

Description

Oftentimes, the default VPC in each region includes a public subnet along with default routes and network access control lists. It is recommended to configure a new VPC with organization-specific settings and with security in mind. To learn more about what is included in a default VPC, see the AWS documentation.
References:
https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html

Remediation

AWS accounts created since 2013 have had a default VPC created as well. This is not something that can be removed from AWS altogether, but it can be removed from Terraform resources.

In Terraform -

  1. Running terraform destroy on an aws_default_vpc resource will not delete the VPC from AWS, but it will remove it from Terraform state. After running the destroy, remove any aws_default_vpc resource that exists in the main Terraform file(s) and declare a purpose-built aws_vpc in its place.
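
As an added example (not part of the original policy text or of any AWS or Terraform documentation), the configuration below shows the resource pattern this rule flags next to a compliant replacement. The CIDR blocks, availability zone, resource names and tag values are assumed, illustrative values:

```hcl
# Flagged pattern: this resource adopts the region's default VPC into
# Terraform state. A `terraform destroy` on it only drops it from state;
# the default VPC itself stays in the AWS account.
resource "aws_default_vpc" "default" {
  tags = {
    Name = "Default VPC"
  }
}

# Compliant replacement: an organization-defined VPC with every setting
# declared explicitly. The CIDR and tags are assumed values.
resource "aws_vpc" "main" {
  cidr_block           = "10.20.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true
  instance_tenancy     = "default"

  tags = {
    Name        = "org-main-vpc"
    Environment = "prod"
  }
}

# Subnets are declared deliberately instead of inheriting the default VPC's
# public subnets. aws_subnet does not assign public IPs on launch unless
# map_public_ip_on_launch is set, so this subnet stays private by default.
resource "aws_subnet" "private_a" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = "10.20.1.0/24"
  availability_zone = "us-east-1a" # assumed AZ

  tags = {
    Name = "org-main-private-a"
  }
}
```

After deleting the aws_default_vpc block from the configuration, the destroy step described above (or `terraform state rm aws_default_vpc.default`, which likewise only edits state) leaves the default VPC untouched in AWS while Terraform manages only the purpose-built aws_vpc.main and its subnets.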

References:
https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_vpc

Policy Details

Rule Reference ID: AC_AWS_0370
CSP: AWS
Remediation Available: No
Resource: aws_vpc
Resource Category: Virtual Network

Frameworks