VPC Without Network Firewall

  • Query id: fd632aaf-b8a1-424d-a4d1-0de22fd3247a
  • Query name: VPC Without Network Firewall
  • Platform: Terraform
  • Severity: Medium
  • Category: Networking and Firewall
  • CWE: 311
  • URL: Github

Description

Every VPC should have an AWS Network Firewall associated with it. In Terraform this means an aws_networkfirewall_firewall resource whose vpc_id references the aws_vpc resource; a VPC that no firewall references is flagged.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "aws_vpc" "positive" {
  cidr_block = "10.0.0.0/16"
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "aws_vpc" "negative" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_networkfirewall_firewall" "example" {
  name                = "example"
  firewall_policy_arn = aws_networkfirewall_firewall_policy.example.arn
  vpc_id              = aws_vpc.negative.id
  subnet_mapping {
    subnet_id = aws_subnet.example.id
  }

  tags = {
    Tag1 = "Value1"
    Tag2 = "Value2"
  }
}
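The following is an added example, not part of the KICS query or its test files: a small stand-alone Python checker that applies the rule above to Terraform source. It parses top-level resource blocks with a brace-matching scan (a constructed minimal parser, not a full HCL implementation), collects every aws_vpc, and subtracts the VPC names referenced by the vpc_id of any aws_networkfirewall_firewall. The two embedded inputs reproduce the positive and negative samples from this page; the third is a constructed mixed case with one protected and one unprotected VPC, showing that the check is per-VPC rather than per-file.

```python
"""Constructed checker mirroring the rule 'VPC Without Network Firewall':
every aws_vpc must be referenced by the vpc_id of some aws_networkfirewall_firewall.
This is an illustrative stand-in for the KICS query, not its implementation."""
import re
from typing import Dict, List, Set

# Matches the opening line of a Terraform resource block: resource "type" "name" {
RESOURCE_HEADER = re.compile(r'resource\s+"([\w-]+)"\s+"([\w-]+)"\s*\{')
# Matches vpc_id = aws_vpc.<name>.id inside a firewall block
VPC_REF = re.compile(r'\bvpc_id\s*=\s*aws_vpc\.([\w-]+)\.id\b')


def _block_body(text: str, start: int) -> str:
    """Return the text between the brace at `start` and its matching close brace."""
    depth = 0
    for i in range(start, len(text)):
        ch = text[i]
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                return text[start + 1:i]
    raise ValueError("unbalanced braces in Terraform source")


def parse_resources(tf: str) -> List[Dict[str, str]]:
    """Extract (type, name, body) for each top-level resource block."""
    resources = []
    for m in RESOURCE_HEADER.finditer(tf):
        body = _block_body(tf, m.end() - 1)  # m.end() - 1 is the '{'
        resources.append({"type": m.group(1), "name": m.group(2), "body": body})
    return resources


def vpcs_without_firewall(tf: str) -> List[str]:
    """Return the names of aws_vpc resources no aws_networkfirewall_firewall points at."""
    resources = parse_resources(tf)
    vpcs = {r["name"] for r in resources if r["type"] == "aws_vpc"}
    protected: Set[str] = set()
    for r in resources:
        if r["type"] == "aws_networkfirewall_firewall":
            protected.update(VPC_REF.findall(r["body"]))
    return sorted(vpcs - protected)


# Positive sample from the page: a VPC with no firewall at all.
POSITIVE_TF = '''
resource "aws_vpc" "positive" {
  cidr_block = "10.0.0.0/16"
}
'''

# Negative sample from the page: the firewall's vpc_id references the VPC.
NEGATIVE_TF = '''
resource "aws_vpc" "negative" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_networkfirewall_firewall" "example" {
  name                = "example"
  firewall_policy_arn = aws_networkfirewall_firewall_policy.example.arn
  vpc_id              = aws_vpc.negative.id
  subnet_mapping {
    subnet_id = aws_subnet.example.id
  }

  tags = {
    Tag1 = "Value1"
    Tag2 = "Value2"
  }
}
'''

# Constructed mixed case: two VPCs, only "prod" is covered by a firewall.
MIXED_TF = NEGATIVE_TF.replace('"negative"', '"prod"').replace("aws_vpc.negative", "aws_vpc.prod") + '''
resource "aws_vpc" "staging" {
  cidr_block = "10.1.0.0/16"
}
'''

if __name__ == "__main__":
    for label, src in (("positive", POSITIVE_TF), ("negative", NEGATIVE_TF), ("mixed", MIXED_TF)):
        print(label, "->", vpcs_without_firewall(src))
```

The check keys on the reference expression aws_vpc.<name>.id, which is how the page's negative sample associates the firewall with its VPC; a firewall whose vpc_id is a hard-coded string or a variable would not be matched and would need a resolution step this toy parser does not attempt.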