Amazon_VPC_21
Ensure you are always in control of your environment. Always review cross-account attachment requests to your transit gateway and approve them only if you trust the source.
Perform the following steps to disable ‘Auto accept shared attachments’:
1. Sign in to the Amazon VPC console at https://console.aws.amazon.com/vpc/ .
2. Choose Transit Gateways.
3. Choose the relevant gateway and click Actions -> Modify.
4. Uncheck ‘Auto-accept shared attachments’.
Via CLI:
aws ec2 modify-transit-gateway --transit-gateway-id <Transit gateway ID> --options AutoAcceptSharedAttachments=disable
From TF:
resource "aws_ec2_transit_gateway" "primary_gateway" {
- auto_accept_shared_attachments = "enable"
+ auto_accept_shared_attachments = "disable"
}
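To find which gateways need the change and which attachments to review afterwards, the following added example (not part of the original rule text) parses saved output of `aws ec2 describe-transit-gateways` and `aws ec2 describe-transit-gateway-attachments`. The sample JSON, account IDs and resource IDs are constructed, and the function names are this example's own.

```python
import json

# Constructed sample of `aws ec2 describe-transit-gateways` output (IDs are made up).
GATEWAYS = json.loads("""{"TransitGateways": [
  {"TransitGatewayId": "tgw-0aaa1111", "OwnerId": "111111111111", "State": "available",
   "Options": {"AutoAcceptSharedAttachments": "enable"}},
  {"TransitGatewayId": "tgw-0bbb2222", "OwnerId": "111111111111", "State": "available",
   "Options": {"AutoAcceptSharedAttachments": "disable"}},
  {"TransitGatewayId": "tgw-0ccc3333", "OwnerId": "111111111111", "State": "deleted",
   "Options": {"AutoAcceptSharedAttachments": "enable"}}]}""")

# Constructed sample of `aws ec2 describe-transit-gateway-attachments` output.
ATTACHMENTS = json.loads("""{"TransitGatewayAttachments": [
  {"TransitGatewayAttachmentId": "tgw-attach-01", "TransitGatewayId": "tgw-0aaa1111",
   "TransitGatewayOwnerId": "111111111111", "ResourceOwnerId": "222222222222",
   "ResourceType": "vpc", "ResourceId": "vpc-0f00", "State": "available"},
  {"TransitGatewayAttachmentId": "tgw-attach-02", "TransitGatewayId": "tgw-0aaa1111",
   "TransitGatewayOwnerId": "111111111111", "ResourceOwnerId": "111111111111",
   "ResourceType": "vpc", "ResourceId": "vpc-0f01", "State": "available"},
  {"TransitGatewayAttachmentId": "tgw-attach-03", "TransitGatewayId": "tgw-0bbb2222",
   "TransitGatewayOwnerId": "111111111111", "ResourceOwnerId": "333333333333",
   "ResourceType": "vpc", "ResourceId": "vpc-0f02", "State": "pendingAcceptance"}]}""")

def auto_accept_gateways(gateways):
    """IDs of live transit gateways that still auto-accept shared attachments."""
    return [g["TransitGatewayId"] for g in gateways["TransitGateways"]
            if g.get("State") not in ("deleting", "deleted")
            and g.get("Options", {}).get("AutoAcceptSharedAttachments") == "enable"]

def cross_account_attachments(attachments, gateway_ids):
    """Attachments on the given gateways whose resource belongs to another account."""
    return [(a["TransitGatewayAttachmentId"], a["ResourceOwnerId"], a["State"])
            for a in attachments["TransitGatewayAttachments"]
            if a["TransitGatewayId"] in gateway_ids
            and a["ResourceOwnerId"] != a["TransitGatewayOwnerId"]]

def remediation_commands(gateway_ids):
    """The CLI call from this page, one per non-compliant gateway."""
    return [f"aws ec2 modify-transit-gateway --transit-gateway-id {g} "
            "--options AutoAcceptSharedAttachments=disable" for g in gateway_ids]

if __name__ == "__main__":
    flagged = auto_accept_gateways(GATEWAYS)
    for cmd in remediation_commands(flagged):
        print(cmd)
    for att in cross_account_attachments(ATTACHMENTS, flagged):
        print("review:", att)
```

Cross-account attachments already present on a flagged gateway were accepted without a manual approval step, so they are the ones to check against the list of accounts you trust.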
References:
https://docs.aws.amazon.com/vpc/latest/tgw/tgw-peering.html
CLI: https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/modify-transit-gateway.html