Default VPC Should Not Be In Use
More Info:
AWS creates a default VPC in every region. Its subnets are public (they auto-assign public IPv4 addresses and route to an internet gateway) and it comes with a permissive default security group, so anything launched without an explicit network choice lands on an internet-reachable network you did not design. It is recommended not to use the default VPC: delete it (or at least keep it empty) and launch workloads in VPCs built to your own requirements.
Risk Level
Medium
Address
Security
Compliance Standards
GDPR, SOC2, NISTCSF
Triage and Remediation
Remediation
To remediate the “Default VPC Should Not Be In Use” misconfiguration in AWS from the console, follow these steps:
- Log in to the AWS Management Console.
- Open the Amazon VPC console and choose the region to work in. AWS creates a default VPC in every region, so the steps below need to be repeated per region.
- In the navigation pane, select “Your VPCs”.
- Identify the default VPC. It is the VPC whose “Default VPC” column reads “Yes” (this is a VPC attribute, not a tag; the default VPC normally uses the 172.31.0.0/16 CIDR block).
- Check whether anything still runs in it: in the navigation pane, open “Network Interfaces” and filter by the VPC ID. Every resource launched inside a VPC (EC2 instances, RDS instances, Lambda functions, load balancers, NAT gateways) owns a network interface, so a VPC with no interfaces is unused.
- If resources are still running in the default VPC, move them to a new VPC before deleting it:
a. Create the new VPC first (see the last step) with the subnets, route tables and security groups the workloads need.
b. In the navigation pane, select the resource type (such as EC2 instances or RDS instances) and select the resource that is running in the default VPC.
c. Choose “Actions”, and then choose “Create Image” (for EC2 instances) or “Create Snapshot” (for RDS instances).
d. After the image or snapshot is created, launch a new instance from the image (or restore the snapshot) in the new VPC, repoint DNS and clients to it, and then terminate the original.
- Select the default VPC, choose “Actions”, and then choose “Delete VPC”. The console lists the subnets, internet gateway, route tables, network ACLs and security groups it will remove together with the VPC; deletion is refused while network interfaces remain in the VPC.
- In the confirmation dialog box, confirm the deletion.
- Once the default VPC is deleted, create a new VPC (if you have not already) and configure it according to your requirements, with only the subnets and routes your workloads need. If a default VPC is ever required again, it can be recreated from the “Actions” menu (“Create default VPC”) or with aws ec2 create-default-vpc.
To remediate the misconfiguration of using the Default VPC in AWS from the AWS CLI, follow these steps (repeat them in every region, since AWS creates a default VPC per region):
- Run the following command to list the VPCs in the region and identify the Default VPC. The Default VPC is the one whose IsDefault attribute is true; there is no tag that marks it:
aws ec2 describe-vpcs --region <region> --query 'Vpcs[?IsDefault]'
- Check that nothing is still running in it. Every resource inside a VPC (EC2, RDS, Lambda, load balancers, NAT gateways and so on) owns an elastic network interface, so an empty list here means the VPC is unused:
aws ec2 describe-network-interfaces --region <region> --filters Name=vpc-id,Values=<vpc-id>
If interfaces are listed, migrate those workloads to a new VPC first (see the console steps above).
- Remove the resources that delete-vpc does not remove for you. The command fails with DependencyViolation while subnets or an attached internet gateway remain; the main route table, the default network ACL and the default security group are deleted together with the VPC:
aws ec2 describe-subnets --region <region> --filters Name=vpc-id,Values=<vpc-id> --query 'Subnets[].SubnetId'
aws ec2 delete-subnet --region <region> --subnet-id <subnet-id>
aws ec2 describe-internet-gateways --region <region> --filters Name=attachment.vpc-id,Values=<vpc-id> --query 'InternetGateways[].InternetGatewayId'
aws ec2 detach-internet-gateway --region <region> --internet-gateway-id <igw-id> --vpc-id <vpc-id>
aws ec2 delete-internet-gateway --region <region> --internet-gateway-id <igw-id>
- Run the following command to delete the Default VPC:
aws ec2 delete-vpc --region <region> --vpc-id <vpc-id>
Replace <vpc-id> with the ID of the Default VPC that you want to delete. The CLI does not ask for confirmation, so double-check the ID before running the command. If a default VPC is ever needed again, aws ec2 create-default-vpc recreates one in the region.
- Once the Default VPC is deleted, create a new VPC and configure it according to your requirements:
aws ec2 create-vpc --region <region> --cidr-block <cidr-block>
Replace <cidr-block> with the CIDR block that you want to assign to the new VPC.
- Configure the VPC by adding subnets, route tables, security groups, and any other required resources.
- Once the VPC is configured, launch your instances in the new VPC instead of the Default VPC.
By following these steps, you can remediate the misconfiguration of using the Default VPC in AWS.
To remediate the “Default VPC Should Not Be In Use” misconfiguration in AWS using Python (boto3), follow these steps:
- Import the necessary AWS SDK library for Python:
import boto3
- Create an EC2 resource object. Each region has its own default VPC, so either repeat this per region or pass region_name:
ec2 = boto3.resource('ec2')
- Get the list of all VPCs in the region and keep the default one. is_default is a read-only attribute: there is no API call that makes a VPC stop being the default, so the remediation is to delete it (aws ec2 create-default-vpc recreates one if it is ever needed again):
default_vpcs = [vpc for vpc in ec2.vpcs.all() if vpc.is_default]
- Loop through the default VPCs and delete each one that is empty. Refuse to delete a VPC that still carries workloads (every in-VPC resource owns a network interface), and remove the subnets and the internet gateway first, because vpc.delete() raises a ClientError with code DependencyViolation while they exist. The main route table, default network ACL and default security group are removed together with the VPC:
for vpc in default_vpcs:
    if list(vpc.network_interfaces.all()):
        print(f"{vpc.id} still has network interfaces; migrate the workloads before deleting it")
        continue
    for igw in vpc.internet_gateways.all():
        vpc.detach_internet_gateway(InternetGatewayId=igw.id)
        igw.delete()
    for subnet in vpc.subnets.all():
        subnet.delete()
    vpc.delete()  # remediate the default VPC
- Finally, confirm that the default VPC has been remediated by checking the list of VPCs again:
for vpc in ec2.vpcs.all():
    if vpc.is_default:
        print("Default VPC still exists")
This should remediate the “Default VPC Should Not Be In Use” misconfiguration in AWS using Python.
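The console, CLI and Python procedures above all share two decisions that are easy to get wrong: telling an unused default VPC apart from one that quietly hosts an RDS instance or a Lambda function, and removing dependencies in the order delete-vpc requires. The following script is an added example written for this page, not code from the original page or from AWS. It goes beyond the single-region steps above: it triages every default VPC across regions by the owners of its network interfaces, then plans (and, only when asked, performs) the dependency-safe deletion. The function names, the FakeEc2-style dry run, and the describe-* responses embedded as SAMPLE_VPCS and SAMPLE_ENIS are the example's own, constructed inputs; live_triage assumes a boto3.Session.

```python
"""Cross-region triage for the "Default VPC Should Not Be In Use" finding.
Added example (not the page's own code). Input is the describe-vpcs and
describe-network-interfaces responses per region; every in-VPC resource
(EC2, RDS, Lambda, ELB, NAT gateway, ...) owns at least one ENI, so ENIs are
the "is it in use" signal. The sample responses below are constructed."""


def find_default_vpcs(vpcs):
    """IsDefault is a VPC attribute (the 'Default VPC' column), not a tag."""
    return [v["VpcId"] for v in vpcs if v.get("IsDefault")]


def describe_owner(eni):
    """Best-effort label for whatever owns a network interface."""
    attachment = eni.get("Attachment") or {}
    if attachment.get("InstanceId"):
        return "ec2:" + attachment["InstanceId"]
    # Managed services (RDS, Lambda, ELB, ...) leave a description or a
    # non-'interface' InterfaceType instead of an instance id.
    return eni.get("InterfaceType", "interface") + ":" + (eni.get("Description") or "?")


def vpc_usage(vpc_id, enis):
    owned = [e for e in enis if e.get("VpcId") == vpc_id]
    return {"vpc_id": vpc_id, "in_use": bool(owned),
            "owners": sorted(describe_owner(e) for e in owned)}


def triage(vpcs_by_region, enis_by_region):
    """One finding per default VPC, saying whether it can be deleted right away."""
    findings = []
    for region, vpcs in vpcs_by_region.items():
        for vpc_id in find_default_vpcs(vpcs):
            finding = vpc_usage(vpc_id, enis_by_region.get(region, []))
            finding["region"] = region
            finding["action"] = "migrate workloads first" if finding["in_use"] else "safe to delete"
            findings.append(finding)
    return findings


def delete_default_vpc(ec2, vpc_id, dry_run=True):
    """Plan (and with dry_run=False perform) deletion of an EMPTY default VPC via an
    EC2 client. delete_vpc fails with DependencyViolation until the internet gateway,
    subnets and non-default security groups are gone; the main route table, default
    NACL and default security group are removed together with the VPC."""
    flt = [{"Name": "vpc-id", "Values": [vpc_id]}]
    if ec2.describe_network_interfaces(Filters=flt)["NetworkInterfaces"]:
        raise RuntimeError(vpc_id + " still has network interfaces; migrate workloads first")
    actions = []
    for igw in ec2.describe_internet_gateways(
            Filters=[{"Name": "attachment.vpc-id", "Values": [vpc_id]}])["InternetGateways"]:
        igw_id = igw["InternetGatewayId"]
        actions.append(("detach_internet_gateway", {"InternetGatewayId": igw_id, "VpcId": vpc_id}))
        actions.append(("delete_internet_gateway", {"InternetGatewayId": igw_id}))
    for subnet in ec2.describe_subnets(Filters=flt)["Subnets"]:
        actions.append(("delete_subnet", {"SubnetId": subnet["SubnetId"]}))
    for sg in ec2.describe_security_groups(Filters=flt)["SecurityGroups"]:
        if sg["GroupName"] != "default":  # the default group goes with the VPC
            actions.append(("delete_security_group", {"GroupId": sg["GroupId"]}))
    actions.append(("delete_vpc", {"VpcId": vpc_id}))
    if not dry_run:
        for api, kwargs in actions:
            getattr(ec2, api)(**kwargs)  # real boto3 EC2 client methods
    return actions


def live_triage(session):
    """Run the triage against a real account (a boto3.Session is assumed)."""
    regions = [r["RegionName"] for r in session.client("ec2").describe_regions()["Regions"]]
    vpcs, enis = {}, {}
    for region in regions:
        ec2 = session.client("ec2", region_name=region)
        vpcs[region] = ec2.describe_vpcs()["Vpcs"]
        enis[region] = ec2.describe_network_interfaces()["NetworkInterfaces"]
    return triage(vpcs, enis)


# Constructed sample: the us-east-1 default VPC hosts an instance and an RDS
# interface, the eu-west-1 one is empty, and vpc-0bbb222 is a custom VPC.
SAMPLE_VPCS = {
    "us-east-1": [{"VpcId": "vpc-0aaa111", "IsDefault": True},
                  {"VpcId": "vpc-0bbb222", "IsDefault": False}],
    "eu-west-1": [{"VpcId": "vpc-0ccc333", "IsDefault": True}],
}
SAMPLE_ENIS = {
    "us-east-1": [
        {"NetworkInterfaceId": "eni-01", "VpcId": "vpc-0aaa111", "InterfaceType": "interface",
         "Description": "", "Attachment": {"InstanceId": "i-0abc"}},
        {"NetworkInterfaceId": "eni-02", "VpcId": "vpc-0aaa111", "InterfaceType": "interface",
         "Description": "RDSNetworkInterface", "Attachment": {"AttachmentId": "eni-attach-1"}},
        {"NetworkInterfaceId": "eni-03", "VpcId": "vpc-0bbb222", "InterfaceType": "interface",
         "Description": "", "Attachment": {"InstanceId": "i-0def"}},
    ],
    "eu-west-1": [],
}

if __name__ == "__main__":
    for finding in triage(SAMPLE_VPCS, SAMPLE_ENIS):
        print(finding)
    # Against a real account: import boto3; print(live_triage(boto3.Session()))
```

Run it as-is to see the two findings from the sample data; against a real account, pass a boto3.Session to live_triage, and only call delete_default_vpc with dry_run=False for VPCs the triage reported as safe to delete. The dry run returns the exact API calls in order, which is worth reviewing (and logging for the change record) before anything is removed.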