EC2 Instance Using Default VPC

  • Query id: 8833f180-96f1-46f4-9147-849aafa56029
  • Query name: EC2 Instance Using Default VPC
  • Platform: Ansible
  • Severity: Low
  • Category: Networking and Firewall
  • URL: Github

Description

EC2 instances should not be launched into subnets of the account's default VPC. The default VPC is created by AWS with an internet gateway, public subnets that auto-assign public IPv4 addresses and a default security group that permits all outbound traffic, so a workload placed there is internet-facing by default and shares its network with everything else in the account that was launched without an explicit VPC. Create a dedicated VPC with purpose-built subnets, route tables and security groups and point the vpc_id of amazon.aws.ec2_vpc_subnet at that VPC instead. In the samples below the instance task references a subnet whose vpc_id is the default VPC (registered as defaultVPC) in the positive case and a dedicated VPC (registered as myVPC) in the negative case.
Documentation
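As an added example, not part of the KICS query or its test fixtures, the playbook below carries the remediation through end to end: it creates a dedicated VPC, confirms with amazon.aws.ec2_vpc_net_info that the VPC it is about to use is not the account default (the is_default field in the returned vpcs list), creates a private subnet with map_public disabled, and launches the instance with amazon.aws.ec2_instance, the maintained successor of the legacy amazon.aws.ec2 module used in the samples. The region, CIDR ranges, resource names, key_name and AMI ID are placeholders chosen for illustration.

```yaml
# Added example (not from the KICS page): launch an EC2 instance only in a
# dedicated, non-default VPC, with an explicit guard that fails the run if the
# chosen VPC turns out to be the account default.
- name: Launch a database instance in a dedicated VPC
  hosts: localhost
  gather_facts: false
  vars:
    region: us-east-1            # placeholder region
  tasks:
    - name: Create a dedicated VPC for the database tier
      amazon.aws.ec2_vpc_net:
        name: db-vpc             # placeholder name
        cidr_block: 10.0.0.0/16  # placeholder range
        region: "{{ region }}"
        tags:
          Name: db-vpc
      register: db_vpc

    - name: Look up the VPC we are about to use
      amazon.aws.ec2_vpc_net_info:
        region: "{{ region }}"
        vpc_ids:
          - "{{ db_vpc.vpc.id }}"
      register: db_vpc_info

    - name: Refuse to continue if that VPC is the account default
      ansible.builtin.assert:
        that:
          - not db_vpc_info.vpcs[0].is_default
        fail_msg: "{{ db_vpc.vpc.id }} is the default VPC; refusing to launch here"

    - name: Create a private subnet (no public IPv4 auto-assignment)
      amazon.aws.ec2_vpc_subnet:
        state: present
        region: "{{ region }}"
        vpc_id: "{{ db_vpc.vpc.id }}"   # dedicated VPC, never the default one
        cidr: 10.0.1.0/24               # placeholder range inside the VPC block
        map_public: false
        tags:
          Name: Database Subnet
      register: db_subnet

    - name: Launch the database instance inside the private subnet
      amazon.aws.ec2_instance:
        name: db-server                 # placeholder name
        region: "{{ region }}"
        key_name: mykey                 # placeholder key pair
        instance_type: t3.micro
        image_id: ami-123456            # placeholder AMI
        vpc_subnet_id: "{{ db_subnet.subnet.id }}"
        network:
          assign_public_ip: false       # reachable only through the VPC's own routing
        wait: true
```

The assert task is the part worth keeping even when the VPC is looked up by name rather than created in the same play: it turns "we meant to use a dedicated VPC" into a check that fails the run, rather than a convention that a mistyped filter can silently violate.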

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
# The subnet task is listed first so that my_subnet is registered before the
# instance task references it. defaultVPC is assumed to have been registered by
# an earlier amazon.aws.ec2_vpc_net_info lookup with filters: {"is-default": "true"}.
- name: Create subnet for database server
  amazon.aws.ec2_vpc_subnet:
    state: present
    vpc_id: "{{ defaultVPC.vpcs.0.id }}"   # subnet is created inside the default VPC: this is what the query flags
    cidr: 10.0.1.16/28
    tags:
      Name: Database Subnet
  register: my_subnet
- name: example
  amazon.aws.ec2:   # legacy module, removed in amazon.aws 4.0.0; amazon.aws.ec2_instance is its replacement
    key_name: mykey
    instance_type: t2.micro
    image: ami-123456
    wait: yes
    count: 3
    vpc_subnet_id: "{{ my_subnet.subnet.id }}"   # instances inherit the default VPC through this subnet
    assign_public_ip: yes                        # and are handed internet-reachable addresses on top of it

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
# Same ordering as above: register the subnet first. myVPC is assumed to have
# been registered by an earlier amazon.aws.ec2_vpc_net_info lookup of a
# purpose-built VPC (for example filtered by a Name tag), not the default one.
- name: Create subnet for database server2
  amazon.aws.ec2_vpc_subnet:
    state: present
    vpc_id: "{{ myVPC.vpcs.0.id }}"   # dedicated VPC, so the instance below is not flagged
    cidr: 10.0.1.16/28
    tags:
      Name: Database Subnet
  register: my_subnet2
- name: example2
  amazon.aws.ec2:   # legacy module, removed in amazon.aws 4.0.0; amazon.aws.ec2_instance is its replacement
    key_name: mykey
    instance_type: t2.micro
    image: ami-123456
    wait: yes
    count: 3
    vpc_subnet_id: "{{ my_subnet2.subnet.id }}"
    assign_public_ip: yes   # still public; the query only checks the VPC, so review this separately