Amazon_VPC_12

Ensure VPC Endpoint Cross Account Access is not enabled

Description

Ensure that all your AWS VPC endpoints are configured to allow access only to trusted AWS accounts in order to protect against unauthorized cross account access.

Remediation

  1. Sign in to the AWS Management Console.
  2. Navigate to AWS VPC dashboard at https://console.aws.amazon.com/vpc/.
  3. In the left navigation panel, under Virtual Private Cloud section, click Endpoints.
  4. Select the VPC endpoint that you want to reconfigure.
  5. Click the Actions dropdown button from the dashboard top menu and select Edit Policy to update the endpoint policy.
  6. Inside the Edit Policy dialog box, select Custom and update the access policy by replacing the existing AWS identifier(s) defined as the Principal element value(s) with the trusted one(s).
  7. Click Save Policy to apply the new permissions.
  8. Repeat steps 4 to 7 for the other VPC endpoints in the current region so that requests from unauthorized AWS accounts are blocked.
  9. Change the AWS region from the navigation bar and repeat the process for other regions.
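The policy check behind steps 4 to 7, as an added example that is not from this page or from any particular scanner: it evaluates a VPC endpoint policy document (the PolicyDocument JSON string that ec2:DescribeVpcEndpoints returns for each endpoint) and reports every Allow statement whose Principal reaches outside a trusted account list. The TRUSTED_ACCOUNTS set, the sample policies and all account IDs in them are assumptions constructed for the example.

```python
import json
import re

# Assumption for this example: the accounts that may use the endpoint.
TRUSTED_ACCOUNTS = {"111111111111"}
# Bare account ID or IAM ARN (root/user/role); group 1 is the account ID.
ACCOUNT_RE = re.compile(r"^(?:arn:aws[\w-]*:iam::)?(\d{12})(?::.*)?$")


def principal_accounts(principal):
    """Account IDs named by a Principal element, or None for a wildcard.
    Values that are not account IDs/IAM ARNs are kept so they get flagged."""
    if principal == "*":
        return None
    values = principal.get("AWS", []) if isinstance(principal, dict) else principal
    values = [values] if isinstance(values, str) else values
    accounts = set()
    for value in values:
        if value == "*":
            return None
        match = ACCOUNT_RE.match(value)
        accounts.add(match.group(1) if match else value)
    return accounts


def untrusted_principals(policy_document, trusted=TRUSTED_ACCOUNTS):
    """(Sid, reason) for each Allow statement reaching beyond trusted accounts.
    A "*" principal scoped by an aws:PrincipalAccount condition is judged by
    those accounts; any other wildcard (or missing Principal) is reported."""
    statements = json.loads(policy_document).get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    findings = []
    for index, statement in enumerate(statements):
        if statement.get("Effect") != "Allow":
            continue
        sid = statement.get("Sid", f"statement-{index}")
        accounts = principal_accounts(statement.get("Principal", "*"))
        if accounts is None:
            scoped = statement.get("Condition", {}).get("StringEquals", {}).get("aws:PrincipalAccount")
            if scoped is None:
                findings.append((sid, "wildcard principal"))
                continue
            accounts = {scoped} if isinstance(scoped, str) else set(scoped)
        extra = sorted(accounts - set(trusted))
        if extra:
            findings.append((sid, "untrusted accounts: " + ", ".join(extra)))
    return findings


# Constructed samples: the default (open) endpoint policy and a restricted one.
DEFAULT_POLICY = '{"Statement":[{"Effect":"Allow","Principal":"*","Action":"*","Resource":"*"}]}'
RESTRICTED_POLICY = json.dumps({"Statement": [{"Sid": "TrustedOnly", "Effect": "Allow", "Action": "s3:GetObject",
    "Resource": "*", "Principal": {"AWS": ["arn:aws:iam::111111111111:root", "222222222222"]}}]})
```

A wildcard Principal that is narrowed only by other condition keys (for example aws:PrincipalOrgID) is still reported, so those statements need a manual look rather than an automatic pass.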

Service

VPC

Severity

Medium

Compliance

Mapping
