v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/aws_compliance
Overview
32Dashboards
1295Controls
585Queries
4Variables
GitHub

Control: 20 Both VPN tunnels for an AWS Site-to-Site VPN connection should be up

Description

A VPN tunnel is an encrypted link where data can pass from the customer network to or from AWS within an AWS Site-to-Site VPN connection. Each VPN connection includes two VPN tunnels which you can simultaneously use for high availability. Ensuring that both VPN tunnels are up for a VPN connection is important for confirming a secure and highly available connection between an AWS VPC and your remote network.

This control checks that both VPN tunnels provided by AWS Site-to-Site VPN are in UP status. The control fails if one or both tunnels are in DOWN status.

Remediation

To modify VPN tunnel options, see Modifying Site-to-Site VPN tunnel options in the AWS Site-to-Site VPN User Guide.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.foundational_security_ec2_20

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.foundational_security_ec2_20 --share

SQL

This control uses a named query:

vpc_vpn_tunnel_up

Tags

aws_foundational_security = true
category = Compliance
foundational_security_category = resilience
foundational_security_item_id = ec2_20
plugin = aws
service = AWS/EC2