
Rule: VPC Route Table Should Restrict Public Access to IGW

This rule ensures that the VPC route table restricts public access to the Internet Gateway (IGW).

Rule: VPC route table should restrict public access to IGW
Framework: NIST 800-53 Revision 5
Severity: High

Rule Description

This rule ensures that the VPC route table restricts public access to the Internet Gateway (IGW) as per the security guidelines outlined in NIST 800-53 Revision 5. By implementing this rule, you can enhance the security posture of your VPC by preventing unauthorized access from the public internet.

Troubleshooting Steps (if applicable)

If you encounter any issues while implementing this rule, you can follow these troubleshooting steps:

  1. Check the current route table configuration: Validate the existing configuration of your VPC route table to ensure it allows or denies access to the IGW.
  2. Verify route propagation: Confirm that the VPC subnets are properly associated with the desired route table.
  3. Review network ACL rules: Check if any network ACL rules are conflicting with the desired route table configurations.

Necessary Codes (if applicable)

In order to implement this rule, no specific code is required. Instead, you can utilize the AWS Management Console or command line interface (CLI) to configure the VPC route table.
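As an added example (not Cloud Defense's own code), the following script evaluates the rule against the JSON that `aws ec2 describe-route-tables` returns: any active route for 0.0.0.0/0 or ::/0 whose target is an Internet Gateway is reported, together with the subnets associated with that route table. The sample output embedded below is constructed; the route table, subnet and gateway IDs in it are placeholders.

```python
import json
from typing import Dict, List

# Constructed sample shaped like `aws ec2 describe-route-tables` output,
# trimmed to the fields the check needs. rtb-0aaa sends its default route
# to an IGW (a public subnet); rtb-0bbb sends it to a NAT gateway instead.
SAMPLE_DESCRIBE_ROUTE_TABLES = json.dumps({
    "RouteTables": [
        {
            "RouteTableId": "rtb-0aaa",
            "VpcId": "vpc-0123",
            "Associations": [{"SubnetId": "subnet-0pub", "Main": False}],
            "Routes": [
                {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc", "State": "active"},
            ],
        },
        {
            "RouteTableId": "rtb-0bbb",
            "VpcId": "vpc-0123",
            "Associations": [{"SubnetId": "subnet-0priv", "Main": False}],
            "Routes": [
                {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0def", "State": "active"},
            ],
        },
    ]
})

# Destinations that mean "everything not matched by a more specific route".
PUBLIC_DESTINATIONS = {"0.0.0.0/0", "::/0"}


def public_igw_routes(describe_output: str) -> List[Dict[str, str]]:
    """Return one finding per active catch-all route (IPv4 or IPv6) whose
    target is an Internet Gateway, plus the subnets that inherit that route."""
    findings = []
    for rtb in json.loads(describe_output)["RouteTables"]:
        # The main-table association carries no SubnetId, so skip it here.
        subnets = [a["SubnetId"] for a in rtb.get("Associations", []) if "SubnetId" in a]
        for route in rtb.get("Routes", []):
            dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
            target = route.get("GatewayId", "")  # NAT routes use NatGatewayId, not GatewayId
            if (dest in PUBLIC_DESTINATIONS and target.startswith("igw-")
                    and route.get("State", "active") == "active"):
                findings.append({"route_table": rtb["RouteTableId"], "destination": dest,
                                 "igw": target, "subnets": ",".join(subnets)})
    return findings


if __name__ == "__main__":
    for f in public_igw_routes(SAMPLE_DESCRIBE_ROUTE_TABLES):
        print(f"FAIL {f['route_table']}: {f['destination']} -> {f['igw']} (subnets: {f['subnets']})")
```

Pipe real output in with `aws ec2 describe-route-tables --output json` and treat every finding as a route table to review against steps 5 to 10 below.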

Step-by-Step Guide for Remediation

Follow these steps to remediate and restrict public access to the Internet Gateway within your VPC route table:

  1. Login to the AWS Management Console.
  2. Navigate to the VPC service.
  3. Select the VPC for which you want to configure the route table.
  4. Go to the "Route Tables" section.
  5. Identify the route table associated with the VPC subnets requiring the restriction.
  6. Review the existing routes within the route table and locate the entry allowing access to the IGW.
  7. From the "Actions" drop-down menu, choose "Edit Routes."
  8. Delete the existing route that allows public access to the IGW.
  9. To restrict access, add a new route that points to a blackhole or non-existent target (e.g., an invalid IP address).
  10. Click "Save" to apply the changes.

Ensure that you review and test the modified route table configuration to confirm that public access to the IGW is restricted as intended. Monitor the VPC network traffic and consult the AWS documentation for any further customization or optimization requirements based on your specific use case.

Note: It is essential to thoroughly review and test the modified configuration to avoid any unintended disruption to your application or connectivity requirements.
