EC2 Instance Using Default VPC
- Query id: 8833f180-96f1-46f4-9147-849aafa56029
- Query name: EC2 Instance Using Default VPC
- Platform: Ansible
- Severity: Low
- Category: Networking and Firewall
- CWE: 200
- URL: Github
Description
EC2 Instances should not be configured under a default VPC network.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
- name: example
  amazon.aws.ec2:
    key_name: mykey
    instance_type: t2.micro
    image: ami-123456
    wait: yes
    count: 3
    vpc_subnet_id: "{{ my_subnet.subnet.id }}"
    assign_public_ip: yes
- name: Create subnet for database server
  amazon.aws.ec2_vpc_subnet:
    state: present
    vpc_id: "{{ defaultVPC.vpcs.0.id }}"
    cidr: 10.0.1.16/28
    tags:
      Name: Database Subnet
  register: my_subnet
```
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
```yaml
- name: example2
  amazon.aws.ec2:
    key_name: mykey
    instance_type: t2.micro
    image: ami-123456
    wait: yes
    count: 3
    vpc_subnet_id: "{{ my_subnet2.subnet.id }}"
    assign_public_ip: yes
- name: Create subnet for database server2
  amazon.aws.ec2_vpc_subnet:
    state: present
    vpc_id: "{{ myVPC.vpcs.0.id }}"
    cidr: 10.0.1.16/28
    tags:
      Name: Database Subnet
  register: my_subnet2
```
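The check behind both samples can be reproduced with a small script. This is an added illustration, not the query's own Rego or any KICS code: it walks the tasks, maps each `register` name of an `ec2_vpc_subnet` task to its `vpc_id`, and flags an `ec2` task whose `vpc_subnet_id` points at a subnet created in a VPC whose referenced variable name contains "default" (a heuristic assumed here because the page's positive sample uses `defaultVPC`). The two playbooks are embedded as constructed Python data so the script runs without a YAML parser.

```python
import re

# Captures the first variable name inside a Jinja expression such as "{{ my_subnet.subnet.id }}".
JINJA_VAR = re.compile(r"\{\{\s*([A-Za-z_][A-Za-z0-9_]*)")

# Constructed in-memory form of the page's positive and negative playbooks (values trimmed to what matters).
POSITIVE_PLAY = [
    {"name": "example", "amazon.aws.ec2": {"vpc_subnet_id": "{{ my_subnet.subnet.id }}"}},
    {"name": "Create subnet for database server",
     "amazon.aws.ec2_vpc_subnet": {"state": "present", "vpc_id": "{{ defaultVPC.vpcs.0.id }}"},
     "register": "my_subnet"},
]
NEGATIVE_PLAY = [
    {"name": "example2", "amazon.aws.ec2": {"vpc_subnet_id": "{{ my_subnet2.subnet.id }}"}},
    {"name": "Create subnet for database server2",
     "amazon.aws.ec2_vpc_subnet": {"state": "present", "vpc_id": "{{ myVPC.vpcs.0.id }}"},
     "register": "my_subnet2"},
]


def registered_subnets(tasks):
    """Map each registered ec2_vpc_subnet result name to the vpc_id expression it was created in."""
    subnets = {}
    for task in tasks:
        module = task.get("amazon.aws.ec2_vpc_subnet") or task.get("ec2_vpc_subnet")
        if module and "register" in task:
            subnets[task["register"]] = str(module.get("vpc_id", ""))
    return subnets


def is_default_vpc_ref(vpc_id):
    """Heuristic (assumed, not the query's exact rule): the VPC variable name contains 'default'."""
    match = JINJA_VAR.search(vpc_id)
    name = match.group(1) if match else vpc_id
    return "default" in name.lower()


def find_default_vpc_instances(tasks):
    """Return the names of ec2 tasks whose subnet was created inside a default-looking VPC."""
    subnets = registered_subnets(tasks)  # two passes, so task order does not matter
    findings = []
    for task in tasks:
        ec2 = task.get("amazon.aws.ec2") or task.get("ec2")
        if not ec2:
            continue
        match = JINJA_VAR.search(str(ec2.get("vpc_subnet_id", "")))
        vpc_id = subnets.get(match.group(1)) if match else None
        if vpc_id is not None and is_default_vpc_ref(vpc_id):
            findings.append(task.get("name"))
    return findings
```

Against the page's samples, `find_default_vpc_instances(POSITIVE_PLAY)` returns `["example"]` and the negative playbook yields no findings.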