EC2 Instance Using Default VPC

  • Query id: 7e4a6e76-568d-43ef-8c4e-36dea481bff1
  • Query name: EC2 Instance Using Default VPC
  • Platform: Terraform
  • Severity: Low
  • Category: Networking and Firewall
  • CWE: 200
  • URL: Github

Description

EC2 instances should not be configured under a default VPC network. The default VPC is created with an internet gateway, public subnets that auto-assign public IPv4 addresses, and a shared default security group, so an instance launched into it inherits that permissive network setup; placing the instance in a purpose-built VPC keeps its network exposure explicit and reviewable.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
# Flagged: the instance's subnet is attached to the VPC referenced as
# aws_vpc.default, i.e. the default VPC network
resource "aws_instance" "positive1" {
  ami           = "ami-003634241a8fcdec0"
  instance_type = "t2.micro"
  subnet_id     = aws_subnet.my_subnet.id
}

resource "aws_subnet" "my_subnet" {
  vpc_id     = aws_vpc.default.id # default VPC (defined outside this sample)
  cidr_block = "10.0.1.0/24"

  tags = {
    Name = "Main"
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
# Not flagged: the instance's subnet is attached to a dedicated VPC
# (aws_vpc.main) rather than the default VPC network
resource "aws_instance" "negative1" {
  ami           = "ami-003634241a8fcdec0"
  instance_type = "t2.micro"
  subnet_id     = aws_subnet.my_subnet2.id
}

resource "aws_subnet" "my_subnet2" {
  vpc_id     = aws_vpc.main.id # purpose-built VPC (defined outside this sample)
  cidr_block = "10.0.1.0/24"

  tags = {
    Name = "Main"
  }
}
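The following script is an added example of how this check can be reproduced outside KICS; it is not the query's own Rego logic and not code from the KICS project. It reads the JSON that `terraform show -json` produces for a plan, follows each `aws_instance.subnet_id` reference to its `aws_subnet`, then to the subnet's `vpc_id`, and flags the instance when that VPC is the default one. Three signals are treated as "default VPC", all of them assumptions chosen for this example: an `aws_default_vpc` resource, a `data "aws_vpc"` lookup with `default = true`, or (mirroring the positive sample above) a VPC resource named `default`. The embedded plan is constructed for the example and covers the page's two samples plus the data-source variant.

```python
"""Flag EC2 instances whose subnet lives in the default VPC, from a Terraform plan JSON.

Added example; assumes the `terraform show -json` configuration layout, where
each resource carries `expressions` with `references` lists such as
["aws_subnet.my_subnet.id", "aws_subnet.my_subnet"].
"""
import json
import sys

# Assumed signals for "this VPC is the default VPC" (not the KICS query's own logic).
DEFAULT_VPC_RESOURCE = "aws_default_vpc"  # managed resource that adopts the default VPC
DEFAULT_VPC_NAME = "default"              # name used by the page's positive sample


def _references(expr):
    """Return the Terraform references inside a plan-JSON expression block."""
    if not isinstance(expr, dict):
        return []
    return expr.get("references", [])


def _resource_address(ref):
    """Reduce 'aws_subnet.x.id' to 'aws_subnet.x' and 'data.aws_vpc.y.id' to 'data.aws_vpc.y'."""
    parts = ref.split(".")
    return ".".join(parts[:3] if parts[0] == "data" else parts[:2])


def _is_default_vpc(address, by_address):
    """Decide whether a VPC address denotes the account's default VPC."""
    if address.startswith(DEFAULT_VPC_RESOURCE + "."):
        return True
    res = by_address.get(address)
    if res is None:
        # Referenced but not defined in this module: fall back to the naming heuristic.
        return address == f"aws_vpc.{DEFAULT_VPC_NAME}"
    if res["type"] != "aws_vpc":
        return False
    if res["mode"] == "data":
        # data "aws_vpc" "x" { default = true } looks up the default VPC.
        return res.get("expressions", {}).get("default", {}).get("constant_value") is True
    return res["name"] == DEFAULT_VPC_NAME


def find_instances_in_default_vpc(plan):
    """Return addresses of aws_instance resources placed in a default-VPC subnet."""
    resources = plan["configuration"]["root_module"]["resources"]
    by_address = {r["address"]: r for r in resources}
    findings = []
    for res in resources:
        if res["mode"] != "managed" or res["type"] != "aws_instance":
            continue
        for ref in _references(res.get("expressions", {}).get("subnet_id")):
            subnet = by_address.get(_resource_address(ref))
            if subnet is None or subnet["type"] != "aws_subnet":
                continue
            vpc_refs = _references(subnet.get("expressions", {}).get("vpc_id"))
            if any(_is_default_vpc(_resource_address(v), by_address) for v in vpc_refs):
                findings.append(res["address"])
                break
    return findings


def _res(address, mode, rtype, name, expressions):
    return {"address": address, "mode": mode, "type": rtype, "name": name, "expressions": expressions}


# Constructed sample plan: the page's positive and negative samples plus a data-source case.
SAMPLE_PLAN = {"format_version": "1.2", "configuration": {"root_module": {"resources": [
    _res("aws_default_vpc.default", "managed", "aws_default_vpc", "default", {}),
    _res("data.aws_vpc.existing", "data", "aws_vpc", "existing", {"default": {"constant_value": True}}),
    _res("aws_vpc.main", "managed", "aws_vpc", "main", {"cidr_block": {"constant_value": "10.0.0.0/16"}}),
    _res("aws_subnet.my_subnet", "managed", "aws_subnet", "my_subnet",
         {"vpc_id": {"references": ["aws_default_vpc.default.id", "aws_default_vpc.default"]}}),
    _res("aws_subnet.lookup_subnet", "managed", "aws_subnet", "lookup_subnet",
         {"vpc_id": {"references": ["data.aws_vpc.existing.id", "data.aws_vpc.existing"]}}),
    _res("aws_subnet.my_subnet2", "managed", "aws_subnet", "my_subnet2",
         {"vpc_id": {"references": ["aws_vpc.main.id", "aws_vpc.main"]}}),
    _res("aws_instance.positive1", "managed", "aws_instance", "positive1",
         {"subnet_id": {"references": ["aws_subnet.my_subnet.id", "aws_subnet.my_subnet"]}}),
    _res("aws_instance.positive2", "managed", "aws_instance", "positive2",
         {"subnet_id": {"references": ["aws_subnet.lookup_subnet.id", "aws_subnet.lookup_subnet"]}}),
    _res("aws_instance.negative1", "managed", "aws_instance", "negative1",
         {"subnet_id": {"references": ["aws_subnet.my_subnet2.id", "aws_subnet.my_subnet2"]}}),
]}}}


if __name__ == "__main__":
    # Usage: python check_default_vpc.py [plan.json]; without a file the embedded sample is used.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for address in find_instances_in_default_vpc(plan):
        print(f"{address}: EC2 instance placed in the default VPC")
```

Generate the input with `terraform plan -out=plan.bin && terraform show -json plan.bin > plan.json`; the script only reads the `configuration` section, so it works from the plan without any credentials or a deployed environment. Resolution is by static references only: a `subnet_id` passed in as a variable or module output is not followed, which is the same limitation a configuration-level linter such as KICS has.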