Default VPC Exists
- Query id: 96ed3526-0179-4c73-b1b2-372fde2e0d13
- Query name: Default VPC Exists
- Platform: Terraform
- Severity: Medium
- Category: Insecure Defaults
- CWE: 200
- URL: Github
Description¶
It isn't recommended to use resources in default VPC
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "aws_default_vpc" "positive1" {
tags = {
Name = "Default VPC"
}
}
Positive test num. 2 - tf file
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "3.7.0"
name = "my-vpc"
cidr = "10.0.0.0/16"
azs = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
enable_nat_gateway = true
enable_vpn_gateway = true
default_vpc_name = "my-default-vpc"
tags = {
Terraform = "true"
Environment = "dev"
}
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "aws_vpc" "negative1" {
cidr_block = "10.0.0.0/16"
instance_tenancy = "default"
tags = {
Name = "main"
}
}
Negative test num. 2 - tf file
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "3.7.0"
name = "my-vpc"
cidr = "10.0.0.0/16"
azs = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
enable_nat_gateway = true
enable_vpn_gateway = true
tags = {
Terraform = "true"
Environment = "dev"
}
}