AWS Introduction
AWS Pricing
AWS Threats
AWS Misconfigurations
- Getting Started with AWS Audit
- Permissions required for Misconfigurations Detection
- API Gateway Audit
- Cloudformation Audit
- CloudFront Audit
- CloudTrail Audit
- Cloudwatch Audit
- DynamoDB Audit
- EC2 Audit
- Elastic Search Audit
- ELB Audit
- IAM Audit
- KMS Audit
- Kubernetes Audit
- Lambda Audit
- RDS Audit
- Redshift Audit
- Route53 Audit
- S3 Audit
- Security Groups Audit
- SES Audit
- SNS Audit
- IAM Deep Dive
- App Sync Audit
- Code Build Audit
- Open Search Audit
- Shield Audit
- SQS Audit
Internet Gateways Should Be Attached To Authorized Virtual Private Clouds
More Info:
This rule checks if internet gateways are attached to an authorized virtual private cloud (Amazon VPC). Internet gateways provide access to the internet for instances within a VPC. The rule is marked as non-compliant if internet gateways are attached to an unauthorized VPC.
Risk Level
Medium
Address
Security
Compliance Standards
CBP,RBI_MD_ITF,RBI_UCB
Triage and Remediation
Remediation
To remediate the misconfiguration of an Internet Gateway being attached to an unauthorized Virtual Private Cloud (VPC) in AWS, follow these steps using the AWS Management Console:
-
Sign in to the AWS Management Console: Go to https://aws.amazon.com/ and sign in to your AWS account.
-
Navigate to the VPC Dashboard:
- In the AWS Management Console, under the “Services” tab, select “VPC” under the Networking & Content Delivery section.
-
Identify the unauthorized VPC:
- In the VPC Dashboard, locate the Internet Gateway that is attached to the unauthorized VPC. The unauthorized VPC will be the one that should not have the Internet Gateway attached to it.
-
Detaching the Internet Gateway:
- Click on the “Internet Gateways” option in the VPC Dashboard.
- Select the Internet Gateway that is attached to the unauthorized VPC.
- Click on the “Actions” dropdown menu and select “Detach from VPC”.
- In the confirmation dialog box, click on “Detach”.
-
Attach the Internet Gateway to the authorized VPC:
- Click on the “Internet Gateways” option in the VPC Dashboard.
- Select the Internet Gateway that you just detached.
- Click on the “Actions” dropdown menu and select “Attach to VPC”.
- Select the authorized VPC from the dropdown list.
- Click on “Attach”.
-
Verify the Configuration:
- Go back to the VPC Dashboard and confirm that the Internet Gateway is now attached to the authorized VPC.
By following these steps, you have successfully remediated the misconfiguration of an Internet Gateway being attached to an unauthorized Virtual Private Cloud in AWS.
To remediate the misconfiguration of an Internet Gateway being attached to unauthorized Virtual Private Clouds in AWS using AWS CLI, follow these steps:
- List all the Internet Gateways in your AWS account:
aws ec2 describe-internet-gateways
-
Identify the Internet Gateway that is attached to unauthorized Virtual Private Clouds.
-
Detach the Internet Gateway from the unauthorized Virtual Private Cloud:
aws ec2 detach-internet-gateway --internet-gateway-id <internet-gateway-id> --vpc-id <unauthorized-vpc-id>
Replace <internet-gateway-id> with the ID of the Internet Gateway and <unauthorized-vpc-id> with the ID of the unauthorized Virtual Private Cloud.
- Confirm that the Internet Gateway is detached from the unauthorized Virtual Private Cloud by listing the Internet Gateway attachments:
aws ec2 describe-internet-gateways --internet-gateway-ids <internet-gateway-id>
- If needed, delete the Internet Gateway:
aws ec2 delete-internet-gateway --internet-gateway-id <internet-gateway-id>
Replace <internet-gateway-id> with the ID of the Internet Gateway.
By following these steps, you can remediate the misconfiguration of an Internet Gateway being attached to unauthorized Virtual Private Clouds in AWS using AWS CLI.
To remediate the misconfiguration of an Internet Gateway being attached to an unauthorized Virtual Private Cloud (VPC) in AWS using Python, you can follow these steps:
-
Install the Boto3 library: Boto3 is the AWS SDK for Python and allows you to interact with AWS services. You can install it using pip with the following command:
pip install boto3 -
Use the following Python script to detach the Internet Gateway from the unauthorized VPC and attach it to the correct VPC:
import boto3
# Initialize the EC2 client
ec2_client = boto3.client('ec2')
# Define the IDs of the unauthorized VPC and the correct VPC
unauthorized_vpc_id = 'YOUR_UNAUTHORIZED_VPC_ID'
correct_vpc_id = 'YOUR_CORRECT_VPC_ID'
# Get the Internet Gateway ID attached to the unauthorized VPC
response = ec2_client.describe_internet_gateways(Filters=[{'Name': 'attachment.vpc-id', 'Values': [unauthorized_vpc_id]}])
igw_id = response['InternetGateways'][0]['InternetGatewayId']
# Detach the Internet Gateway from the unauthorized VPC
ec2_client.detach_internet_gateway(InternetGatewayId=igw_id, VpcId=unauthorized_vpc_id)
# Attach the Internet Gateway to the correct VPC
ec2_client.attach_internet_gateway(InternetGatewayId=igw_id, VpcId=correct_vpc_id)
print('Internet Gateway has been successfully attached to the correct VPC.')
-
Replace
'YOUR_UNAUTHORIZED_VPC_ID'and'YOUR_CORRECT_VPC_ID'with the actual IDs of the unauthorized VPC and the correct VPC, respectively. -
Run the Python script. This script will detach the Internet Gateway from the unauthorized VPC and attach it to the correct VPC.
By following these steps, you can remediate the misconfiguration of an Internet Gateway being attached to an unauthorized VPC in AWS using Python.