This rule ensures VPC internet gateways are attached only to authorized VPCs.
| Rule | VPC internet gateways should be attached to authorized VPC |
| Framework | GxP 21 CFR Part 11 |
| Severity | Medium |
Description:
VPC (Virtual Private Cloud) internet gateways are the connection point between your VPC and the internet: they let resources inside the VPC communicate with the outside world. For GxP (Good Practice for Pharmaceutical) compliance, internet gateways must be attached only to authorized VPCs, in line with the requirements of the 21 CFR Part 11 regulations.
Policy:
VPC internet gateways must be attached only to VPCs that are authorized and compliant with the GxP principles outlined in the 21 CFR Part 11 regulations. This keeps sensitive data and GxP-related activities protected and auditable within the approved VPC environment.
Troubleshooting Steps:
If there are any issues related to VPC internet gateways or compliance with GxP 21 CFR Part 11, take the following troubleshooting steps:
1. Verify VPC Compliance: Ensure that the VPC in question adheres to the required GxP principles as specified in the 21 CFR Part 11 regulations. Check that appropriate security measures, access controls, and auditability are in place.
2. Review Internet Gateway Attachment: Check the attachment of the internet gateway to the VPC. Make sure that it is attached to the correct and authorized VPC for GxP-related activities.
3. Check VPC Configurations: Verify the configuration settings of the VPC to ensure that it complies with the GxP requirements. Review network ACLs (Access Control Lists), security groups, and routing tables to confirm that they are properly configured and aligned with the compliance guidelines.
4. Validate Internet Gateway Functionality: Test the internet gateway to ensure it is functioning correctly. Verify that outbound and inbound internet connectivity is available for the authorized VPC while adhering to the GxP compliance requirements.
5. Audit Logs and Documentation: Review the log data and relevant documentation to validate compliance with GxP 21 CFR Part 11 requirements. This includes auditing access logs and security event logs, and documenting any changes made to the VPC or internet gateway configurations.
Remediation Steps:
If the internet gateway is not attached to the authorized VPC, follow these steps to remediate the issue:
1. Identify the Correct VPC: Determine the VPC that should be authorized for the GxP-related activities.
2. Detach the Internet Gateway: Use the AWS CLI (Command Line Interface) or AWS Management Console to detach the internet gateway from the current VPC.
3. Attach the Internet Gateway: Use the AWS CLI or AWS Management Console to attach the internet gateway to the authorized VPC identified in step 1. Provide the necessary VPC identifier and internet gateway identifier as parameters.
4. Validate Connectivity: After the attachment, verify the connectivity and ensure that the VPC has outbound and inbound internet access while adhering to the GxP 21 CFR Part 11 compliance regulations.
5. Re-audit and Document: Perform a thorough audit of the VPC configurations and relevant documentation to ensure compliance with GxP 21 CFR Part 11. Update any necessary documentation to reflect the changes made.
Note: The above steps assume the use of Amazon Web Services (AWS) as the cloud provider. If using a different cloud provider, refer to their specific documentation for the equivalent commands or actions.
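The attachment review and the detach/attach remediation can be scripted. The following is an added example, not part of the original rule documentation: it reads JSON in the shape returned by `aws ec2 describe-internet-gateways`, flags gateways attached outside an allowlist, and builds the AWS CLI commands for an operator to review. The gateway and VPC IDs, the allowlist, and the function names are constructed for illustration; the example also goes one step beyond the text by skipping the attach when the authorized VPC already holds a gateway, since a VPC accepts only one.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-internet-gateways` output.
# All IDs are made up for this example.
SAMPLE = json.loads("""
{"InternetGateways": [
  {"InternetGatewayId": "igw-0aaa1111",
   "Attachments": [{"State": "available", "VpcId": "vpc-0a0a0001"}]},
  {"InternetGatewayId": "igw-0bbb2222",
   "Attachments": [{"State": "available", "VpcId": "vpc-0b0b0002"}]},
  {"InternetGatewayId": "igw-0ccc3333", "Attachments": []}
]}
""")
AUTHORIZED_VPCS = {"vpc-0a0a0001"}  # assumption: allowlist kept by the compliance owner


def find_violations(described, authorized):
    """Return (igw_id, vpc_id) for each gateway attached outside the allowlist."""
    violations = []
    for igw in described.get("InternetGateways", []):
        for att in igw.get("Attachments", []):
            if att.get("State") in ("detaching", "detached"):
                continue  # attachment is already going away
            if att.get("VpcId") not in authorized:
                violations.append((igw["InternetGatewayId"], att.get("VpcId")))
    return violations


def remediation_commands(described, authorized, target_vpc):
    """Build the detach/attach AWS CLI commands for review; nothing is executed."""
    if target_vpc not in authorized:
        raise ValueError(f"{target_vpc} is not an authorized VPC")
    # VPCs that already hold a gateway: a VPC accepts only one at a time.
    occupied = {att.get("VpcId") for igw in described.get("InternetGateways", [])
                for att in igw.get("Attachments", [])}
    cmds = []
    for igw_id, vpc_id in find_violations(described, authorized):
        cmds.append("aws ec2 detach-internet-gateway "
                    f"--internet-gateway-id {igw_id} --vpc-id {vpc_id}")
        if target_vpc in occupied:
            continue  # authorized VPC already has a gateway; detach only
        cmds.append("aws ec2 attach-internet-gateway "
                    f"--internet-gateway-id {igw_id} --vpc-id {target_vpc}")
        occupied.add(target_vpc)
    return cmds


if __name__ == "__main__":
    for line in remediation_commands(SAMPLE, AUTHORIZED_VPCS, "vpc-0a0a0001"):
        print(line)
```

In practice, replace `SAMPLE` with the parsed output of `aws ec2 describe-internet-gateways --output json` and keep the generated commands as part of the change record before running them.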