AWS Config Rules: No Default VPC Check
NO_DEFAULT_VPC_CHECK
Ryan Ware
Last Update 2 years ago
Description: Checks whether an Amazon Virtual Private Cloud (VPC) is the default VPC. The rule is NON_COMPLIANT if a VPC is the default VPC.
Trigger type: Configuration changes
AWS Region: All supported AWS regions
How to Resolve Manually
This AWS Config Rule is a custom policy rule which checks each region in your AWS Account to see whether any of your Amazon VPCs is the default VPC. If it finds a default VPC, this AWS Config Rule marks that region as non-compliant.
AWS Best Practices dictate that we do not use the Default VPC created in each region. When StackZone creates a new AWS Account or invites one into your Organization, it removes the default VPC unless the VPC was specifically tagged as follows before the AWS Account was invited:
Tag Key: expungevpc
Tag Value: false
If you have a Default VPC in your AWS Account and would like to remove it, follow these steps:
1. Check if you have any resources inside your Default VPC
You will need to consider any resources inside this VPC prior to deletion. The Default VPC makes use of default subnets spread across availability zones, along with an internet gateway and a default security group. On top of this, there will be a default network ACL (access control list) and a default DHCP options set associated with your default VPC.
Any resources such as EC2 Instances inside this VPC are likely using the other default resources. Consider re-creating all of these in a new, standalone VPC.
2. Ensure all resources are working as intended in your new VPC
Before you delete the old default resources, ensure your new networking architecture is functioning correctly, as there is no way to rebuild the default VPC and its associated resources as they were. Any services or resources in the default VPC won't be available after you delete it.
3. Delete the Default VPC from the AWS Console
This can be done from the AWS Console or the AWS CLI. Once these resources have been deleted, this AWS Config Rule will mark your current region / AWS Account as COMPLIANT.
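As an added example (not StackZone's own rule code, which this page does not show), here is the evaluation a Lambda-backed custom Config rule would run for this check, together with the step 1 inventory check, written over the JSON shapes the Config and EC2 APIs return so it runs offline on constructed sample data. It assumes the rule is implemented as a Lambda function; the VPC and instance IDs are placeholders.

```python
import json

# Constructed sample inputs (not real account data) for running the checks offline.
SAMPLE_DEFAULT_VPC_ITEM = {
    "resourceType": "AWS::EC2::VPC", "resourceId": "vpc-0default0example",
    "configurationItemStatus": "OK",
    "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
    "configuration": {"vpcId": "vpc-0default0example", "isDefault": True},
}
SAMPLE_RESERVATIONS = [{"Instances": [
    {"InstanceId": "i-0aaa", "VpcId": "vpc-0default0example", "State": {"Name": "running"}},
    {"InstanceId": "i-0bbb", "VpcId": "vpc-0default0example", "State": {"Name": "terminated"}},
    {"InstanceId": "i-0ccc", "VpcId": "vpc-0other0example", "State": {"Name": "running"}},
]}]

def evaluate_vpc(configuration_item: dict) -> dict:
    """Config evaluation for one configuration item: a VPC item carries the
    EC2 'isDefault' flag under 'configuration', and that flag alone decides."""
    if configuration_item.get("resourceType") != "AWS::EC2::VPC":
        return {"ComplianceType": "NOT_APPLICABLE", "Annotation": "Not a VPC"}
    if configuration_item.get("configurationItemStatus") == "ResourceDeleted":
        return {"ComplianceType": "NOT_APPLICABLE", "Annotation": "VPC deleted"}
    if configuration_item.get("configuration", {}).get("isDefault"):
        return {"ComplianceType": "NON_COMPLIANT",
                "Annotation": "VPC is the region's default VPC; delete it"}
    return {"ComplianceType": "COMPLIANT", "Annotation": "Not a default VPC"}

def resources_blocking_deletion(reservations: list, vpc_id: str) -> list:
    """Step 1 of the manual fix: instance IDs still inside vpc_id, taken from
    an EC2 describe_instances() response. Terminated instances release their
    network interfaces, so they no longer block deleting the VPC."""
    return [inst["InstanceId"]
            for reservation in reservations
            for inst in reservation.get("Instances", [])
            if inst.get("VpcId") == vpc_id and inst["State"]["Name"] != "terminated"]

def lambda_handler(event, context):
    """Entry point for a Lambda-backed custom rule: evaluate the VPC in the
    invoking event and report the verdict back to AWS Config."""
    import boto3  # imported here so the pure functions above run without it
    item = json.loads(event["invokingEvent"])["configurationItem"]
    verdict = evaluate_vpc(item)
    boto3.client("config").put_evaluations(
        Evaluations=[{"ComplianceResourceType": item["resourceType"],
                      "ComplianceResourceId": item["resourceId"],
                      "OrderingTimestamp": item["configurationItemCaptureTime"],
                      **verdict}],
        ResultToken=event["resultToken"])
```

Run `resources_blocking_deletion` against the real `describe_instances()` output for each region before deleting; an empty list is the signal that step 1 is satisfied for EC2 instances (other resource types such as RDS or Lambda ENIs still need their own check).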
Want to know more about StackZone and how to make your cloud management simple and secure?
Check our how it works section with easy to follow videos or just create your own StackZone Account here
