VPC Attached With Too Many Gateways

  • Query id: 97e94d17-e2c7-4109-a53b-6536ac1bb64e
  • Query name: VPC Attached With Too Many Gateways
  • Platform: CloudFormation
  • Severity: Low
  • Category: Availability
  • CWE: 668
  • URL: Github

Description

The number of gateways attached should not approach or go beyond the limit of 3, in a particular VPC
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
AWSTemplateFormatVersion: '2010-09-09'
Resources:
    myVPC:
      Type: AWS::EC2::VPC
      Properties:
        CidrBlock: 10.0.0.0/16
        EnableDnsSupport: 'false'
        EnableDnsHostnames: 'false'
        InstanceTenancy: dedicated
    AttachVpnGateway:
      Type: AWS::EC2::VPCGatewayAttachment
      Properties:
        VpcId:
           Ref: myVPC
        VpnGatewayId:
           Ref: myVPNGateway
    AttachVpnGateway2:
      Type: AWS::EC2::VPCGatewayAttachment
      Properties:
        VpcId:
           Ref: myVPC
        VpnGatewayId:
           Ref: myVPNGateway2
    AttachVpnGateway3:
      Type: AWS::EC2::VPCGatewayAttachment
      Properties:
        VpcId:
           Ref: myVPC
        VpnGatewayId:
           Ref: myVPNGateway3
    AttachVpnGateway4:
      Type: AWS::EC2::VPCGatewayAttachment
      Properties:
        VpcId:
           Ref: myVPC
        VpnGatewayId:
           Ref: myVPNGateway4
Positive test num. 2 - json file
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "AttachVpnGateway4": {
      "Properties": {
        "VpcId": {
          "Ref": "myVPC"
        },
        "VpnGatewayId": {
          "Ref": "myVPNGateway4"
        }
      },
      "Type": "AWS::EC2::VPCGatewayAttachment"
    },
    "myVPC": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "EnableDnsHostnames": "false",
        "InstanceTenancy": "dedicated",
        "CidrBlock": "10.0.0.0/16",
        "EnableDnsSupport": "false"
      }
    },
    "AttachVpnGateway": {
      "Type": "AWS::EC2::VPCGatewayAttachment",
      "Properties": {
        "VpcId": {
          "Ref": "myVPC"
        },
        "VpnGatewayId": {
          "Ref": "myVPNGateway"
        }
      }
    },
    "AttachVpnGateway2": {
      "Type": "AWS::EC2::VPCGatewayAttachment",
      "Properties": {
        "VpcId": {
          "Ref": "myVPC"
        },
        "VpnGatewayId": {
          "Ref": "myVPNGateway2"
        }
      }
    },
    "AttachVpnGateway3": {
      "Type": "AWS::EC2::VPCGatewayAttachment",
      "Properties": {
        "VpcId": {
          "Ref": "myVPC"
        },
        "VpnGatewayId": {
          "Ref": "myVPNGateway3"
        }
      }
    }
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
AWSTemplateFormatVersion: '2010-09-09'
Resources:
    myVPC_2:
      Type: AWS::EC2::VPC
      Properties:
        CidrBlock: 10.0.0.0/16
        EnableDnsSupport: 'false'
        EnableDnsHostnames: 'false'
        InstanceTenancy: dedicated
    AttachVpnGateway:
      Type: AWS::EC2::VPCGatewayAttachment
      Properties:
        VpcId:
           Ref: myVPC_2
        VpnGatewayId:
           Ref: myVPNGateway
    AttachVpnGateway2:
      Type: AWS::EC2::VPCGatewayAttachment
      Properties:
        VpcId:
           Ref: myVPC_2
        VpnGatewayId:
           Ref: myVPNGateway2
    AttachVpnGateway3:
      Type: AWS::EC2::VPCGatewayAttachment
      Properties:
        VpcId:
           Ref: myVPC_2
        VpnGatewayId:
           Ref: myVPNGateway3
Negative test num. 2 - json file
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "myVPC_2": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "CidrBlock": "10.0.0.0/16",
        "EnableDnsSupport": "false",
        "EnableDnsHostnames": "false",
        "InstanceTenancy": "dedicated"
      }
    },
    "AttachVpnGateway": {
      "Type": "AWS::EC2::VPCGatewayAttachment",
      "Properties": {
        "VpcId": {
          "Ref": "myVPC_2"
        },
        "VpnGatewayId": {
          "Ref": "myVPNGateway"
        }
      }
    },
    "AttachVpnGateway2": {
      "Type": "AWS::EC2::VPCGatewayAttachment",
      "Properties": {
        "VpcId": {
          "Ref": "myVPC_2"
        },
        "VpnGatewayId": {
          "Ref": "myVPNGateway2"
        }
      }
    },
    "AttachVpnGateway3": {
      "Type": "AWS::EC2::VPCGatewayAttachment",
      "Properties": {
        "VpcId": {
          "Ref": "myVPC_2"
        },
        "VpnGatewayId": {
          "Ref": "myVPNGateway3"
        }
      }
    }
  }
}