VPC Without Network Firewall
- Query id: 3e293410-d5b8-411f-85fd-7d26294f20c9
- Query name: VPC Without Network Firewall
- Platform: CloudFormation
- Severity: Medium
- Category: Networking and Firewall
- CWE: 665
- URL: Github
Description
A VPC should have an AWS Network Firewall associated with it. The positive samples below are flagged because the firewall's VpcId refers to myVPC, a resource the template does not define, so the VPC myVPC11 is left without a firewall; in the negative samples the VpcId refers to the VPC that is actually declared.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  myVPC11:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: 'false'
      EnableDnsHostnames: 'false'
      InstanceTenancy: dedicated
  SampleFirewall:
    Type: AWS::NetworkFirewall::Firewall
    Properties:
      FirewallName: SampleFirewallName
      FirewallPolicyArn: !Ref SampleFirewallPolicy
      VpcId: !Ref myVPC
      SubnetMappings:
        - SubnetId: !Ref SampleSubnet1
        - SubnetId: !Ref SampleSubnet2
      Description: Firewall description goes here
```
Positive test num. 2 - json file
```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "SampleFirewall": {
      "Properties": {
        "Description": "Firewall description goes here",
        "FirewallName": "SampleFirewallName",
        "FirewallPolicyArn": "SampleFirewallPolicy",
        "SubnetMappings": [
          {
            "SubnetId": "SampleSubnet1"
          },
          {
            "SubnetId": "SampleSubnet2"
          }
        ],
        "VpcId": "myVPC"
      },
      "Type": "AWS::NetworkFirewall::Firewall"
    },
    "myVPC11": {
      "Properties": {
        "CidrBlock": "10.0.0.0/16",
        "EnableDnsHostnames": "false",
        "EnableDnsSupport": "false",
        "InstanceTenancy": "dedicated"
      },
      "Type": "AWS::EC2::VPC"
    }
  }
}
```
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  myVPC1:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: 'false'
      EnableDnsHostnames: 'false'
      InstanceTenancy: dedicated
  SampleFirewall:
    Type: AWS::NetworkFirewall::Firewall
    Properties:
      FirewallName: SampleFirewallName
      FirewallPolicyArn: !Ref SampleFirewallPolicy
      VpcId: !Ref myVPC1
      SubnetMappings:
        - SubnetId: !Ref SampleSubnet1
        - SubnetId: !Ref SampleSubnet2
      Description: Firewall description goes here
```
Negative test num. 2 - json file
```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "SampleFirewall": {
      "Properties": {
        "Description": "Firewall description goes here",
        "FirewallName": "SampleFirewallName",
        "FirewallPolicyArn": "SampleFirewallPolicy",
        "SubnetMappings": [
          {
            "SubnetId": "SampleSubnet1"
          },
          {
            "SubnetId": "SampleSubnet2"
          }
        ],
        "VpcId": "myVPC1"
      },
      "Type": "AWS::NetworkFirewall::Firewall"
    },
    "myVPC1": {
      "Properties": {
        "CidrBlock": "10.0.0.0/16",
        "EnableDnsHostnames": "false",
        "EnableDnsSupport": "false",
        "InstanceTenancy": "dedicated"
      },
      "Type": "AWS::EC2::VPC"
    }
  }
}
```
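As an added example (not part of the KICS query or its test files), the following Python script implements the same check over the JSON form of a template: a VPC is reported unless some AWS::NetworkFirewall::Firewall's VpcId refers to its logical id. It assumes JSON templates only and accepts VpcId either as a bare string, as in the samples above, or as a {"Ref": ...} intrinsic; the two embedded templates are constructed to mirror the positive and negative JSON samples.

```python
"""Report AWS::EC2::VPC resources that no AWS::NetworkFirewall::Firewall
in the same CloudFormation template refers to (JSON templates only)."""
import json

VPC_TYPE = "AWS::EC2::VPC"
FIREWALL_TYPE = "AWS::NetworkFirewall::Firewall"


def referenced_vpc(vpc_id):
    """Logical id a firewall's VpcId points at: {"Ref": "X"} or a bare "X"."""
    if isinstance(vpc_id, dict) and "Ref" in vpc_id:
        return vpc_id["Ref"]
    if isinstance(vpc_id, str):
        return vpc_id
    return None


def vpcs_without_firewall(template_json):
    """Return sorted logical ids of VPCs with no firewall attached."""
    resources = json.loads(template_json).get("Resources", {})
    protected = {
        referenced_vpc(res.get("Properties", {}).get("VpcId"))
        for res in resources.values()
        if res.get("Type") == FIREWALL_TYPE
    }
    return sorted(
        name for name, res in resources.items()
        if res.get("Type") == VPC_TYPE and name not in protected
    )


def sample_template(vpc_name, vpc_id):
    """Constructed template in the shape of the page's JSON samples."""
    return json.dumps({
        "AWSTemplateFormatVersion": "2010-09-09",
        "Resources": {
            "SampleFirewall": {"Type": FIREWALL_TYPE, "Properties": {
                "FirewallName": "SampleFirewallName",
                "FirewallPolicyArn": "SampleFirewallPolicy",
                "SubnetMappings": [{"SubnetId": "SampleSubnet1"}],
                "VpcId": vpc_id}},
            vpc_name: {"Type": VPC_TYPE,
                       "Properties": {"CidrBlock": "10.0.0.0/16"}},
        }})


# Positive: VpcId names "myVPC", but the only VPC is "myVPC11" -> flagged.
POSITIVE = sample_template("myVPC11", "myVPC")
# Negative: VpcId refers to the declared VPC via Ref -> nothing flagged.
NEGATIVE = sample_template("myVPC1", {"Ref": "myVPC1"})

if __name__ == "__main__":
    print("positive:", vpcs_without_firewall(POSITIVE))  # ['myVPC11']
    print("negative:", vpcs_without_firewall(NEGATIVE))  # []
```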