# EC2 Instance Using Default VPC
- Query id: e42a3ef0-5325-4667-84bf-075ba1c9d58e
- Query name: EC2 Instance Using Default VPC
- Platform: CloudFormation
- Severity: Low
- Category: Networking and Firewall
- CWE: 200
- URL: Github
## Description

EC2 instances should not be launched into a subnet that belongs to the default VPC. The default VPC is created automatically with public subnets that auto-assign public IP addresses and route to an internet gateway, so a purpose-built VPC with explicitly defined subnets, routing and security groups should be used instead.

Documentation
## Code samples

### Code samples with security vulnerabilities

#### Positive test num. 1 - yaml file

```yaml
Resources:
  DefaultVPC:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: "ami-79fd7eee"
      KeyName: "testkey"
      SubnetId: !Ref PublicSubnetA2
  PublicSubnetA2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref DefaultVPC
      CidrBlock: 10.1.10.0/24
      AvailabilityZone: !Select [ 0, !GetAZs "" ] # Get the first AZ in the list
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}-Public-A
```
#### Positive test num. 2 - json file

```json
{
  "Resources": {
    "DefaultVPC": {
      "Properties": {
        "ImageId": "ami-79fd7eee",
        "KeyName": "testkey",
        "SubnetId": { "Ref": "PublicSubnetA2" }
      },
      "Type": "AWS::EC2::Instance"
    },
    "PublicSubnetA2": {
      "Properties": {
        "AvailabilityZone": { "Fn::Select": [ 0, { "Fn::GetAZs": "" } ] },
        "CidrBlock": "10.1.10.0/24",
        "Tags": [
          {
            "Key": "Name",
            "Value": { "Fn::Sub": "${AWS::StackName}-Public-A" }
          }
        ],
        "VpcId": { "Ref": "DefaultVPC" }
      },
      "Type": "AWS::EC2::Subnet"
    }
  }
}
```
### Code samples without security vulnerabilities

#### Negative test num. 1 - yaml file

```yaml
Resources:
  DefaultVPC:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: "ami-79fd7eee"
      KeyName: "testkey"
      SubnetId: !Ref PublicSubnetA22
  PublicSubnetA22:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.1.10.0/24
      AvailabilityZone: !Select [ 0, !GetAZs "" ] # Get the first AZ in the list
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}-Public-A
```
#### Negative test num. 2 - json file

```json
{
  "Resources": {
    "DefaultVPC": {
      "Properties": {
        "ImageId": "ami-79fd7eee",
        "KeyName": "testkey",
        "SubnetId": { "Ref": "PublicSubnetA22" }
      },
      "Type": "AWS::EC2::Instance"
    },
    "PublicSubnetA22": {
      "Properties": {
        "AvailabilityZone": { "Fn::Select": [ 0, { "Fn::GetAZs": "" } ] },
        "CidrBlock": "10.1.10.0/24",
        "Tags": [
          {
            "Key": "Name",
            "Value": { "Fn::Sub": "${AWS::StackName}-Public-A" }
          }
        ],
        "VpcId": { "Ref": "VPC" }
      },
      "Type": "AWS::EC2::Subnet"
    }
  }
}
```
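As an added example that is not part of this page or of the KICS query itself, the following Python script performs the same check over a CloudFormation template already parsed from JSON: it follows each instance's `SubnetId` to its subnet and flags the instance when the subnet's `VpcId` names a resource containing "default", as in the positive samples above. The name heuristic is an assumption of this example; a literal `vpc-...` id cannot be classified statically.

```python
# Added example (not KICS's own query logic). Assumption: a VPC is treated as the
# default VPC when the logical name behind the subnet's VpcId contains "default".

# Constructed sample templates, modelled on the page's positive and negative tests.
POSITIVE_TEMPLATE = {"Resources": {
    "DefaultVPC": {"Type": "AWS::EC2::Instance", "Properties": {
        "ImageId": "ami-79fd7eee", "SubnetId": {"Ref": "PublicSubnetA2"}}},
    "PublicSubnetA2": {"Type": "AWS::EC2::Subnet", "Properties": {
        "VpcId": {"Ref": "DefaultVPC"}, "CidrBlock": "10.1.10.0/24"}}}}
NEGATIVE_TEMPLATE = {"Resources": {
    "DefaultVPC": {"Type": "AWS::EC2::Instance", "Properties": {
        "ImageId": "ami-79fd7eee", "SubnetId": {"Ref": "PublicSubnetA22"}}},
    "PublicSubnetA22": {"Type": "AWS::EC2::Subnet", "Properties": {
        "VpcId": {"Ref": "VPC"}, "CidrBlock": "10.1.10.0/24"}}}}


def logical_name(value):
    """Logical resource name behind a {"Ref": ...}, or a bare string (the
    flattened form some JSON samples use). Anything else is unresolved."""
    if isinstance(value, dict) and list(value) == ["Ref"]:
        return value["Ref"]
    if isinstance(value, str):
        return value
    return None


def instances_in_default_vpc(template):
    """Return logical names of AWS::EC2::Instance resources whose SubnetId
    resolves to a subnet whose VpcId names a default-looking VPC."""
    resources = template.get("Resources", {})
    flagged = []
    for name, res in resources.items():
        if res.get("Type") != "AWS::EC2::Instance":
            continue
        subnet_name = logical_name(res.get("Properties", {}).get("SubnetId"))
        subnet = resources.get(subnet_name) if subnet_name else None
        if not subnet or subnet.get("Type") != "AWS::EC2::Subnet":
            continue  # subnet not declared in this template: cannot decide statically
        vpc_name = logical_name(subnet.get("Properties", {}).get("VpcId"))
        if vpc_name and "default" in vpc_name.lower():
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    print("positive:", instances_in_default_vpc(POSITIVE_TEMPLATE))  # ['DefaultVPC']
    print("negative:", instances_in_default_vpc(NEGATIVE_TEMPLATE))  # []
```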