EC2 Instance using default VPC
ID | aws_ec2_default_vpc
Severity | low
Vendor | AWS
Resource | Network
Tags | reachable
Description
The task launches an EC2 instance without naming a subnet. When vpc_subnet_id is omitted, amazon.aws.ec2_instance places the instance in the default subnet of the account's default VPC. The default VPC is created by AWS with a permissive configuration rather than one designed for your workload: its subnets are public (routed to an internet gateway and assigning public IPv4 addresses automatically) and its default security group allows all traffic between its members. Your network should be explicitly configured and follow the least privilege principle, meaning only the connectivity that is actually required is granted.
To fix it you must set the vpc_subnet_id property to a subnet in a VPC that you manage.
Learn more about this topic at AWS Default VPC.
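As an added illustration (not part of this rule page or of the amazon.aws collection), the following Python checker applies the rule's condition to a parsed playbook: every amazon.aws.ec2_instance (or short-name ec2_instance) task whose arguments lack a non-empty vpc_subnet_id is reported, including tasks nested in block/rescue/always and free-form key=value invocations. The sample playbook is constructed inline from the page's example; the load_playbook helper assumes PyYAML is installed.

```python
"""Static check for aws_ec2_default_vpc: flag ec2_instance tasks that omit
vpc_subnet_id, because the module then launches into the default subnet of
the default VPC. Added example, not code from the rule page or the collection."""

EC2_INSTANCE_MODULES = ("amazon.aws.ec2_instance", "ec2_instance")
TASK_LIST_KEYS = ("pre_tasks", "tasks", "post_tasks", "handlers")
NESTED_TASK_KEYS = ("block", "rescue", "always")


def load_playbook(path):
    """Parse a playbook file; assumes PyYAML is available (not needed for the sample)."""
    import yaml
    with open(path) as fh:
        return yaml.safe_load(fh)


def _iter_tasks(tasks, path):
    """Yield (task, path) for every task, descending into block/rescue/always."""
    for idx, task in enumerate(tasks or []):
        if not isinstance(task, dict):
            continue
        here = f"{path}[{idx}]"
        nested = [key for key in NESTED_TASK_KEYS if key in task]
        if nested:
            for key in nested:
                yield from _iter_tasks(task[key], f"{here}.{key}")
        else:
            yield task, here


def _ec2_instance_args(task):
    """Return the module arguments as a dict if the task calls ec2_instance, else None."""
    for module in EC2_INSTANCE_MODULES:
        if module not in task:
            continue
        args = task[module]
        if isinstance(args, dict):
            return args
        if isinstance(args, str):
            # free-form "key=value key=value" invocation
            return dict(tok.split("=", 1) for tok in args.split() if "=" in tok)
        return {}
    return None


def find_default_vpc_instances(playbook):
    """Return [(task name, path)] for ec2_instance tasks with no usable vpc_subnet_id."""
    findings = []
    for play_idx, play in enumerate(playbook or []):
        if not isinstance(play, dict):
            continue
        for key in TASK_LIST_KEYS:
            for task, path in _iter_tasks(play.get(key), f"play[{play_idx}].{key}"):
                args = _ec2_instance_args(task)
                if args is None:
                    continue
                if not args.get("vpc_subnet_id"):  # absent, None or empty -> default VPC
                    findings.append((task.get("name", "<unnamed>"), path))
    return findings


# Constructed sample input modelled on the page's playbook (not a real deployment).
SAMPLE_PLAYBOOK = [
    {
        "name": "Example playbook",
        "hosts": "localhost",
        "tasks": [
            {   # violates the rule: no vpc_subnet_id
                "name": "instance",
                "amazon.aws.ec2_instance": {
                    "name": "tower-callback-test",
                    "key_name": "prod-ssh-key",
                    "security_group": "default",
                    "network": {"assign_public_ip": True},
                    "image_id": "ami-123456",
                },
            },
            {   # compliant: explicit subnet
                "name": "instance in private subnet",
                "amazon.aws.ec2_instance": {
                    "name": "app-server",
                    "vpc_subnet_id": "subnet-5ca1ab1e",
                    "image_id": "ami-123456",
                },
            },
            {   # violation hidden in a block, using the short module name and free-form args
                "block": [
                    {"name": "nested instance", "ec2_instance": "name=worker image_id=ami-123456"}
                ]
            },
        ],
    }
]

if __name__ == "__main__":
    for name, path in find_default_vpc_instances(SAMPLE_PLAYBOOK):
        print(f"{path}: task '{name}' has no vpc_subnet_id (launches into the default VPC)")
```

Run against SAMPLE_PLAYBOOK the checker reports the first task and the nested one; the task with an explicit subnet passes. For instances that already exist, the same condition can be cross-checked at runtime with `aws ec2 describe-vpcs --filters Name=is-default,Values=true` followed by `aws ec2 describe-instances --filters Name=vpc-id,Values=<default-vpc-id>`.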
Examples
---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: instance
      amazon.aws.ec2_instance:
        name: "tower-callback-test"
        key_name: "prod-ssh-key"
        # no vpc_subnet_id: the module launches into the default subnet of the default VPC
        security_group: default
        tower_callback:
          # IP or hostname of tower server
          tower_address: 1.2.3.4
          job_template_id: 876
          host_config_key: '[secret config key goes here]'
        network:
          assign_public_ip: true
        image_id: ami-123456
        cpu_credit_specification: unlimited
        tags:
          SomeThing: "A value"
Mitigation / Fix
---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: instance
      amazon.aws.ec2_instance:
        name: "tower-callback-test"
        key_name: "prod-ssh-key"
        # explicit subnet in a VPC you manage, so the instance no longer lands in the default VPC
        vpc_subnet_id: subnet-5ca1ab1e
        # "default" is the default security group of that VPC, which allows all traffic
        # between its members; prefer a purpose-built group with only the required rules
        security_group: default
        tower_callback:
          # IP or hostname of tower server
          tower_address: 1.2.3.4
          job_template_id: 876
          host_config_key: '[secret config key goes here]'
        network:
          assign_public_ip: true
        image_id: ami-123456
        cpu_credit_specification: unlimited
        tags:
          SomeThing: "A value"