Benchmark: BP02 Control traffic at all layers
Description
When architecting your network topology, you should examine the connectivity requirements of each component: for example, whether it requires internet accessibility (inbound and outbound), connectivity to other VPCs, edge services, or external data centers. A VPC allows you to define a network topology that spans an AWS Region, with a private IPv4 address range that you set or an IPv6 address range that AWS selects. You should apply multiple controls with a defense-in-depth approach for both inbound and outbound traffic, including security groups (a stateful inspection firewall), network ACLs, subnets, and route tables. Within a VPC, you can create subnets in an Availability Zone. Each subnet can have an associated route table that defines the routing rules for the paths that traffic takes within the subnet. You can define an internet-routable subnet by adding a route to an internet gateway or NAT gateway attached to the VPC, or a route through another VPC.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-well-architected
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select BP02 Control traffic at all layers.
Run this benchmark in your terminal:
powerpipe benchmark run aws_well_architected.benchmark.well_architected_framework_sec05_bp02
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_well_architected.benchmark.well_architected_framework_sec05_bp02 --share
Controls
- DMS replication instances should not be publicly accessible
- EBS snapshots should not be publicly restorable
- EC2 instances should not use multiple ENIs
- SageMaker notebook instances should not have direct internet access
- VPC subnet auto assign public IP should be disabled
- VPC default security group should not allow inbound and outbound traffic
- API Gateway stages should have authorizers configured
- S3 buckets access control lists (ACLs) should not be used to manage user access to buckets
- 2.1.3 Ensure MFA Delete is enabled on S3 buckets
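As an added illustration of how a control such as "VPC default security group should not allow inbound and outbound traffic" can be expressed as a Steampipe query (this is example code, not the mod's own control definition), the query below flags every default security group that carries any ingress or egress rule. It assumes the Steampipe AWS plugin's aws_vpc_security_group and aws_vpc_security_group_rule tables and their column names, and follows the resource/status/reason shape that Powerpipe controls return.

```sql
-- Added example, not the mod's own control query. Assumes Steampipe's AWS
-- plugin tables aws_vpc_security_group and aws_vpc_security_group_rule.
-- A default group with zero rules is 'ok'; any rule at all is 'alarm',
-- because the default group should be left empty and real traffic should
-- be permitted by purpose-built groups instead.
with default_sg_rules as (
  select
    group_id,
    count(*) filter (where type = 'ingress') as ingress_rules,
    count(*) filter (where type = 'egress')  as egress_rules
  from aws_vpc_security_group_rule
  where group_name = 'default'
  group by group_id
)
select
  sg.arn as resource,
  case
    when coalesce(r.ingress_rules, 0) = 0
     and coalesce(r.egress_rules, 0) = 0 then 'ok'
    else 'alarm'
  end as status,
  sg.group_id || ' in ' || sg.vpc_id || ' has '
    || coalesce(r.ingress_rules, 0)::text || ' inbound and '
    || coalesce(r.egress_rules, 0)::text || ' outbound rule(s).' as reason,
  sg.account_id,
  sg.region
from aws_vpc_security_group as sg
left join default_sg_rules as r on r.group_id = sg.group_id
where sg.group_name = 'default'
order by status, sg.region, sg.vpc_id;
```

Run it with steampipe query against an account the AWS plugin is configured for; rows with status 'alarm' are the default groups that still need their rules removed.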