Azure and GCP Perimeter Security, CIS Updates, and Enhanced Plugins →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-alicloud-compliance
Overview
2Dashboards
163Benchmarks
65Queries
2Variables
GitHub

Control: 3.4 Ensure routing tables for VPC peering are 'least access'

Description

Once a VPC peering connection is established, routing tables must be updated to establish any connections between the peered VPCs. These routes can be as specific as desired, even peering a VPC to only a single host on the other side of the connection.

Remediation

  1. Logon to VPC console.
  2. Open the Routing Table.
  3. Remove and add route table entries to ensure that the least number of subnets or hosts as is required to accomplish the purpose for peering are routable.

Default Value:

Routing table is empty by default upon creation for any newly created routing table, hence it denies any default access.

Usage

Run the control in your terminal:

powerpipe control run alicloud_compliance.control.cis_v200_3_4

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run alicloud_compliance.control.cis_v200_3_4 --share

SQL

This control uses a named query:

select
  'arn:acs:::' || account_id as resource,
  'info' as status,
  'Manual verification required.' as reason
  , account_id as account_id
from
  alicloud_account;

Tags

category = Compliance
cis = true
cis_item_id = 3.4
cis_level = 2
cis_section_id = 3
cis_type = manual
cis_version = v2.0.0
plugin = alicloud
service = AliCloud/VPC