VPC Attached With Too Many Gateways

Query id: 97e94d17-e2c7-4109-a53b-6536ac1bb64e
Query name: VPC Attached With Too Many Gateways
Platform: CloudFormation
Severity: Low
Category: Availability
CWE: 668
URL: Github

Description¶

The number of gateways attached should not approach or go beyond the limit of 3, in a particular VPC
Documentation

Code samples¶

Code samples with security vulnerabilities¶

Positive test num. 1 - yaml file

< Re

Positive test num. 2 - json file

/span>

AWSTemplateFormatVersion: '2010-09-09' sources: class="w">    myVPC: Type: AWS::EC2::VPC Properties: CidrBlock: 10.0.0.0/16 EnableDnsSupport: 'false' EnableDnsHostnames: 'false' InstanceTenancy: dedicated AttachVpnGateway: Type: AWS::EC2::VPCGatewayAttachment Properties: VpcId: Ref: myVPC VpnGatewayId: Ref: myVPNGateway AttachVpnGateway2: Type: AWS::EC2::VPCGatewayAttachment Properties: VpcId: Ref: myVPC VpnGatewayId: Ref: myVPNGateway2 AttachVpnGateway3: Type: AWS::EC2::VPCGatewayAttachment Properties: VpcId: Ref: myVPC VpnGatewayId: Ref: myVPNGateway3 AttachVpnGateway4: Type: AWS::EC2::VPCGatewayAttachment Properties: VpcId: Ref: myVPC VpnGatewayId: Ref: myVPNGateway4 /span>{ "AWSTemplateFormatVersion": "2010-09-09", "Resources": { "AttachVpnGateway4": { "Properties": { "VpcId": { class="w">          "Ref": "myVPC" }, "VpnGatewayId": { "Ref": "myVPNGateway4" } }, "Type": "AWS::EC2::VPCGatewayAttachment" }, "myVPC": { "Type": "AWS::EC2::VPC", "Properties": { "EnableDnsHostnames": "false", "InstanceTenancy": "dedicated", "CidrBlock": "10.0.0.0/16", "EnableDnsSupport": "false" } }, "AttachVpnGateway": { "Type": "AWS::EC2::VPCGatewayAttachment", "Properties": { "VpcId": { "Ref": "myVPC" }, "VpnGatewayId": { "Ref": "myVPNGateway" } } }, "AttachVpnGateway2": { "Type": "AWS::EC2::VPCGatewayAttachment", "Properties": { "VpcId": { "Ref": "myVPC" }, "VpnGatewayId": { "Ref": "myVPNGateway2" } } }, "AttachVpnGateway3": { "Type": "AWS::EC2::VPCGatewayAttachment", "Properties": { "VpcId": { "Ref": "myVPC" }, "VpnGatewayId": { "Ref": "myVPNGateway3" } } } } }
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml fileAWSTemplateFormatVersion: '2010-09-09'
Resources:
    myVPC_2:
      Type: AWS::EC2::VPC
      Properties:
        CidrBlock: 10.0.0.0/16
        EnableDnsSupport: 'false'
        EnableDnsHostnames: 'false'
        InstanceTenancy: dedicated
    AttachVpnGateway:
      Type: AWS::EC2::VPCGatewayAttachment
      Properties:
        VpcId:
           Ref: myVPC_2
        VpnGatewayId:
           Ref: myVPNGateway
    AttachVpnGateway2:
      Type: AWS::EC2::VPCGatewayAttachment
      Properties:
        VpcId:
           Ref: myVPC_2
        VpnGatewayId:
           Ref: myVPNGateway2
    AttachVpnGateway3:
      Type: AWS::EC2::VPCGatewayAttachment
      Properties:
        VpcId:
           Ref: myVPC_2
        VpnGatewayId:
           Ref: myVPNGateway3

Negative test num. 2 - json file{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "myVPC_2": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "CidrBlock": "10.0.0.0/16",
        "EnableDnsSupport": "false",
        "EnableDnsHostnames": "false",
        "InstanceTenancy": "dedicated"
      }
    },
    "AttachVpnGateway": {
      "Type": "AWS::EC2::VPCGatewayAttachment",
      "Properties": {
        "VpcId": {
          "Ref": "myVPC_2"
        },
        "VpnGatewayId": {
          "Ref": "myVPNGateway"
        }
      }
    },
    "AttachVpnGateway2": {
      "Type": "AWS::EC2::VPCGatewayAttachment",
      "Properties": {
        "VpcId": {
          "Ref": "myVPC_2"
        },
        "VpnGatewayId": {
          "Ref": "myVPNGateway2"
        }
      }
    },
    "AttachVpnGateway3": {
      "Type": "AWS::EC2::VPCGatewayAttachment",
      "Properties": {
        "VpcId": {
          "Ref": "myVPC_2"
        },
        "VpnGatewayId": {
          "Ref": "myVPNGateway3"
        }
      }
    }
  }
}