VPC Attached With Too Many Gateways
- Query id: 97e94d17-e2c7-4109-a53b-6536ac1bb64e
- Query name: VPC Attached With Too Many Gateways
- Platform: CloudFormation
- Severity: Low
- Category: Availability
- CWE: 668
- URL: Github
Description
The number of gateways attached to a single VPC should not approach or exceed the limit of 3.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  myVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: 'false'
      EnableDnsHostnames: 'false'
      InstanceTenancy: dedicated
  AttachVpnGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId:
        Ref: myVPC
      VpnGatewayId:
        Ref: myVPNGateway
  AttachVpnGateway2:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId:
        Ref: myVPC
      VpnGatewayId:
        Ref: myVPNGateway2
  AttachVpnGateway3:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId:
        Ref: myVPC
      VpnGatewayId:
        Ref: myVPNGateway3
  AttachVpnGateway4:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId:
        Ref: myVPC
      VpnGatewayId:
        Ref: myVPNGateway4
```
Positive test num. 2 - json file
```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "AttachVpnGateway4": {
      "Properties": {
        "VpcId": {
          "Ref": "myVPC"
        },
        "VpnGatewayId": {
          "Ref": "myVPNGateway4"
        }
      },
      "Type": "AWS::EC2::VPCGatewayAttachment"
    },
    "myVPC": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "EnableDnsHostnames": "false",
        "InstanceTenancy": "dedicated",
        "CidrBlock": "10.0.0.0/16",
        "EnableDnsSupport": "false"
      }
    },
    "AttachVpnGateway": {
      "Type": "AWS::EC2::VPCGatewayAttachment",
      "Properties": {
        "VpcId": {
          "Ref": "myVPC"
        },
        "VpnGatewayId": {
          "Ref": "myVPNGateway"
        }
      }
    },
    "AttachVpnGateway2": {
      "Type": "AWS::EC2::VPCGatewayAttachment",
      "Properties": {
        "VpcId": {
          "Ref": "myVPC"
        },
        "VpnGatewayId": {
          "Ref": "myVPNGateway2"
        }
      }
    },
    "AttachVpnGateway3": {
      "Type": "AWS::EC2::VPCGatewayAttachment",
      "Properties": {
        "VpcId": {
          "Ref": "myVPC"
        },
        "VpnGatewayId": {
          "Ref": "myVPNGateway3"
        }
      }
    }
  }
}
```
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  myVPC_2:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: 'false'
      EnableDnsHostnames: 'false'
      InstanceTenancy: dedicated
  AttachVpnGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId:
        Ref: myVPC_2
      VpnGatewayId:
        Ref: myVPNGateway
  AttachVpnGateway2:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId:
        Ref: myVPC_2
      VpnGatewayId:
        Ref: myVPNGateway2
  AttachVpnGateway3:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId:
        Ref: myVPC_2
      VpnGatewayId:
        Ref: myVPNGateway3
```
Negative test num. 2 - json file
```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "myVPC_2": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "CidrBlock": "10.0.0.0/16",
        "EnableDnsSupport": "false",
        "EnableDnsHostnames": "false",
        "InstanceTenancy": "dedicated"
      }
    },
    "AttachVpnGateway": {
      "Type": "AWS::EC2::VPCGatewayAttachment",
      "Properties": {
        "VpcId": {
          "Ref": "myVPC_2"
        },
        "VpnGatewayId": {
          "Ref": "myVPNGateway"
        }
      }
    },
    "AttachVpnGateway2": {
      "Type": "AWS::EC2::VPCGatewayAttachment",
      "Properties": {
        "VpcId": {
          "Ref": "myVPC_2"
        },
        "VpnGatewayId": {
          "Ref": "myVPNGateway2"
        }
      }
    },
    "AttachVpnGateway3": {
      "Type": "AWS::EC2::VPCGatewayAttachment",
      "Properties": {
        "VpcId": {
          "Ref": "myVPC_2"
        },
        "VpnGatewayId": {
          "Ref": "myVPNGateway3"
        }
      }
    }
  }
}
```
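The check behind the positive and negative samples above, written as an added Python example (not the KICS query itself, which is Rego): it counts `AWS::EC2::VPCGatewayAttachment` resources per `VpcId` in a JSON-form template and reports VPCs with more than 3, so four attachments on `myVPC` are flagged while three on `myVPC_2` are not. The helper names and the constructed sample template are this example's own.

```python
import json
from collections import Counter

GATEWAY_LIMIT = 3  # the per-VPC limit stated in the query description

def vpc_key(vpc_id):
    """Reduce a VpcId property to a hashable key: {"Ref": name} becomes the
    logical name, a literal vpc-... string stays, other intrinsics are serialised."""
    if isinstance(vpc_id, dict) and "Ref" in vpc_id:
        return vpc_id["Ref"]
    if isinstance(vpc_id, str):
        return vpc_id
    return json.dumps(vpc_id, sort_keys=True)

def count_gateway_attachments(template):
    """Return {vpc_key: number of AWS::EC2::VPCGatewayAttachment resources
    whose VpcId points at that VPC}."""
    counts = Counter()
    for resource in template.get("Resources", {}).values():
        if resource.get("Type") != "AWS::EC2::VPCGatewayAttachment":
            continue
        vpc_id = resource.get("Properties", {}).get("VpcId")
        if vpc_id is None:  # malformed attachment; CloudFormation itself would reject it
            continue
        counts[vpc_key(vpc_id)] += 1
    return dict(counts)

def find_overloaded_vpcs(template, limit=GATEWAY_LIMIT):
    """Return, sorted, the VPC keys with more than `limit` gateway attachments:
    the boundary that separates the positive samples (4) from the negative (3)."""
    return sorted(v for v, n in count_gateway_attachments(template).items() if n > limit)

def attachment(vpc, gateway):
    """Build one VPCGatewayAttachment resource (constructed sample data)."""
    return {"Type": "AWS::EC2::VPCGatewayAttachment",
            "Properties": {"VpcId": {"Ref": vpc}, "VpnGatewayId": {"Ref": gateway}}}

# Constructed template mirroring the positive test: four attachments on myVPC.
POSITIVE_TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "myVPC": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16"}},
        **{f"AttachVpnGateway{i}": attachment("myVPC", f"myVPNGateway{i}") for i in range(1, 5)},
    },
}

if __name__ == "__main__":
    for vpc in find_overloaded_vpcs(POSITIVE_TEMPLATE):
        print(f"{vpc}: more than {GATEWAY_LIMIT} gateway attachments")  # prints myVPC
```

YAML templates can be fed to the same functions after loading them with PyYAML, provided the `!Ref` short-form tag is mapped to a `{"Ref": ...}` dict first.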