VPC Without Attached Subnet
- Query id: 3b3b4411-ad1f-40e7-b257-a78a6bb9673a
- Query name: VPC Without Attached Subnet
- Platform: CloudFormation
- Severity: Low
- Category: Resource Management
- CWE: 665
- URL: Github
Description
VPCs without attached subnets may indicate that they are not being used.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  myVPC_1:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: 'false'
      EnableDnsHostnames: 'false'
      InstanceTenancy: dedicated
Positive test num. 2 - json file
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "myVPC_1": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "InstanceTenancy": "dedicated",
        "CidrBlock": "10.0.0.0/16",
        "EnableDnsSupport": "false",
        "EnableDnsHostnames": "false"
      }
    }
  }
}
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  myVPC_2:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: 'false'
      EnableDnsHostnames: 'false'
      InstanceTenancy: dedicated
  mySubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: myVPC_2
      CidrBlock: 10.0.0.0/24
      AvailabilityZone: "us-east-1a"
Negative test num. 2 - json file
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "myVPC_2": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "CidrBlock": "10.0.0.0/16",
        "EnableDnsSupport": "false",
        "EnableDnsHostnames": "false",
        "InstanceTenancy": "dedicated"
      }
    },
    "mySubnet": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "VpcId": {
          "Ref": "myVPC_2"
        },
        "CidrBlock": "10.0.0.0/24",
        "AvailabilityZone": "us-east-1a"
      }
    }
  }
}
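The condition these samples exercise, written out in Python as an added example; it is not the query's own code and not part of the original page. It works on a template already parsed into a dict. The function and variable names are hypothetical, and accepting `Fn::GetAtt` alongside the `Ref` form used in the samples is an assumption that goes beyond what the page shows.

```python
def referenced_id(value):
    """Logical ID a VpcId value refers to, or None if it is not a Ref/GetAtt."""
    if not isinstance(value, dict):
        return None  # literal vpc-... IDs cannot be tied to a template resource
    if isinstance(value.get("Ref"), str):
        return value["Ref"]
    target = value.get("Fn::GetAtt")  # assumption: also accept GetAtt forms
    if isinstance(target, str):       # "logicalId.VpcId" string form
        return target.split(".", 1)[0]
    if isinstance(target, list) and target and isinstance(target[0], str):
        return target[0]              # ["logicalId", "VpcId"] list form
    return None


def vpcs_without_subnet(template):
    """Return sorted logical IDs of VPCs with no subnet referencing them."""
    resources = template.get("Resources") or {}
    attached = set()
    for res in resources.values():
        if isinstance(res, dict) and res.get("Type") == "AWS::EC2::Subnet":
            vpc_id = referenced_id((res.get("Properties") or {}).get("VpcId"))
            if vpc_id:
                attached.add(vpc_id)
    return sorted(
        name for name, res in resources.items()
        if isinstance(res, dict) and res.get("Type") == "AWS::EC2::VPC"
        and name not in attached
    )


def _vpc():
    return {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16"}}

def _subnet(vpc_ref):
    return {"Type": "AWS::EC2::Subnet",
            "Properties": {"VpcId": vpc_ref, "CidrBlock": "10.0.0.0/24"}}

# Trimmed copies of the page's positive and negative tests.
POSITIVE = {"Resources": {"myVPC_1": _vpc()}}
NEGATIVE = {"Resources": {"myVPC_2": _vpc(), "mySubnet": _subnet({"Ref": "myVPC_2"})}}
# Constructed edge case: a subnet exists, but it belongs to the other VPC.
MIXED = {"Resources": {"vpcA": _vpc(), "vpcB": _vpc(),
                       "subnetB": _subnet({"Fn::GetAtt": ["vpcB", "VpcId"]})}}

if __name__ == "__main__":
    for label, tpl in (("positive", POSITIVE), ("negative", NEGATIVE), ("mixed", MIXED)):
        print(label, vpcs_without_subnet(tpl))
```

A subnet whose `VpcId` is a literal ID or an import is not counted as attached here, since it cannot be matched to a VPC declared in the same template.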