Rule: VPC Route Table Should Restrict Public Access to IGW

Rule Description:

Troubleshooting Steps:

2. 1.
   Verify IGW configuration: Ensure that the IGW is properly attached to the VPC and the route table is correctly associated with the VPC.
4. 2.
   Verify subnet routing: Check the routing table of the subnets within the VPC to ensure that they are correctly configured to direct traffic towards the desired destinations.
6. 3.
   Check route table entries: Review the route table entries for any misconfigurations or conflicts that might affect the restriction of public access to the IGW.
8. 4.
   Security group settings: Verify the security group associated with instances within the VPC to ensure they are configured to deny incoming traffic from unwanted sources.
10. 5.
    Network ACL settings: Review the Network ACL (Access Control List) configurations to ensure they align with the requirement of restricting public access to the IGW.
12. 6.
    IGW permissions: Confirm that there are no unintended permissions or policies attached to the IGW that might bypass the restriction.

Necessary Codes:

Remediation Steps:

2. 1.
   Access the AWS Management Console and navigate to the VPC service.
4. 2.
   Identify the target VPC and select the associated route table.
6. 3.
   Remove the default route (also known as "0.0.0.0/0") pointing to the IGW, as it allows unrestricted access to the Internet.
8. 4.
   Create a new route rule for the required outbound traffic (if any) or use the existing specific rules in the route table.
10. 5.
    Ensure that the new route rule directs traffic to the desired destinations, while blocking any traffic towards the IGW or public networks.
12. 6.
    Save the changes to the route table.