Plugin Title Default VPC In Use
Cloud AWS
Category EC2
Description Determines whether the default VPC is being used for launching EC2 instances.
More Info The default VPC should not be used, because it places every service launched into it on the same network, including services that have no need to reach each other. It also ships with an Internet gateway and public subnets that auto-assign public IP addresses, so instances launched into it are reachable from the Internet by default. Each application, or network tier, should use its own purpose-built VPC.
AWS Link http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/default-vpc.html
Recommended Action Move resources from the default VPC to a new VPC created for that application or resource group.


Detailed Remediation Steps

  1. Log into the AWS Management Console.
  2. Select the "Services" option and search for VPC.
  3. Scroll down the left navigation panel and choose "Your VPCs" under "VPC Dashboard".
  4. Identify the default VPC (the "Default VPC" column shows "Yes") and copy its "VPC ID".
  5. Select the "Services" option and search for EC2.
  6. Scroll down the left navigation panel and choose "Instances".
  7. Click inside the "Filter by tags and attributes or search by keyword" box, paste the "VPC ID" copied in Step 4 and press "Enter". The console lists any EC2 instances using the default VPC; an empty result means none in this region.
  8. Repeat steps 2 - 7 for every other AWS region. Each region has its own default VPC with a different VPC ID, so the ID copied in Step 4 cannot be reused across regions.
  9. Navigate to "VPC Dashboard", choose "Your VPCs" and click on the "Create VPC" button at the top panel.
  10. Inside the "Create VPC" dialog box provide a name for the new VPC and, within the "IPv4 CIDR block" box, specify an IPv4 address range that does not overlap with any network the VPC will later be peered or connected to. Select the "IPv6 CIDR block" and "Tenancy" options as the application requires and click on the "Create" button at the bottom. Unlike the default VPC, a new VPC is created empty: create the subnets, route tables, Internet gateway or NAT gateway (only where outbound access is actually required) and security groups the application needs before launching instances into it.
  11. Navigate to the "EC2 dashboard" and select the "EC2 Instance" that is in the default VPC. Click on the "Actions" button at the top and choose "Image" to create an "Amazon Machine Image" of the selected instance.
  12. Under the "Create Image" panel provide the "Image Name" and "Image Description" and click on the "Create Image" button at the bottom.
  13. Once the "AMI" is created click on the "Launch Instance" button at the top panel to create a new "Instance".
  14. Click on the "My AMIs" option and choose the "AMI".
  15. Provide the other necessary details for the new "EC2 Instance" and, under "Configure Instance", choose the newly created "VPC" (and one of its subnets) instead of the default VPC. Security groups are scoped to a VPC, so the rules attached to the old instance must be recreated in the new VPC and selected here.
  16. Click on the "Launch" button after reviewing the configuration to launch the new "EC2 Instance". Once the new instance is healthy and any Elastic IP or DNS record has been re-pointed to it, terminate the old instance that was using the default VPC.
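The detection half of the procedure above (steps 1 - 8) is easy to script, and scripting it avoids the per-region console clicking. The following is an added example, not part of the CloudSploit plugin or its source: the matching logic takes the DescribeVpcs and DescribeInstances response shapes that `boto3` returns, so it can be exercised offline on the constructed sample data embedded below, and `scan_all_regions` wraps it with real API calls (it assumes `boto3` is installed, credentials with `ec2:DescribeRegions`, `ec2:DescribeVpcs` and `ec2:DescribeInstances` are available, and a default region is configured for the session).

```python
"""Find EC2 instances launched in the default VPC, per region.

Added example, not CloudSploit's code. Mirrors steps 3-8 of the remediation:
find the VPC with IsDefault=true, then list instances whose VpcId matches.
"""
from typing import Dict, List, Set

# Constructed sample responses in the shape boto3 returns (not real AWS data).
SAMPLE_VPCS = {
    "Vpcs": [
        {"VpcId": "vpc-0default0", "IsDefault": True, "CidrBlock": "172.31.0.0/16"},
        {"VpcId": "vpc-0app00001", "IsDefault": False, "CidrBlock": "10.20.0.0/16"},
    ]
}
SAMPLE_INSTANCES = {
    "Reservations": [
        {
            "Instances": [
                {"InstanceId": "i-0aaa", "VpcId": "vpc-0default0", "State": {"Name": "running"}},
                {"InstanceId": "i-0bbb", "VpcId": "vpc-0app00001", "State": {"Name": "running"}},
                # Terminated instances have no VpcId; the scanner must not crash on them.
                {"InstanceId": "i-0ccc", "State": {"Name": "terminated"}},
            ]
        }
    ]
}


def default_vpc_ids(describe_vpcs_response: dict) -> Set[str]:
    """IDs of default VPCs in a DescribeVpcs response.

    A region has at most one default VPC, and none if it was deleted, so a
    set (possibly empty) is the natural result.
    """
    return {
        vpc["VpcId"]
        for vpc in describe_vpcs_response.get("Vpcs", [])
        if vpc.get("IsDefault", False)
    }


def instances_in_default_vpc(describe_vpcs_response: dict,
                             describe_instances_response: dict) -> List[Dict[str, str]]:
    """Non-terminated instances whose VpcId is a default VPC."""
    targets = default_vpc_ids(describe_vpcs_response)
    findings = []
    for reservation in describe_instances_response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            state = inst.get("State", {}).get("Name", "unknown")
            # .get() because a terminated instance no longer carries a VpcId.
            if inst.get("VpcId") in targets and state != "terminated":
                findings.append({"InstanceId": inst["InstanceId"],
                                 "VpcId": inst["VpcId"],
                                 "State": state})
    return findings


def scan_all_regions(session) -> Dict[str, List[Dict[str, str]]]:
    """Live scan: repeat the check in every region (step 8), since each region
    has its own default VPC with a distinct VPC ID. `session` is a boto3.Session."""
    results = {}
    regions = [r["RegionName"] for r in session.client("ec2").describe_regions()["Regions"]]
    for region in regions:
        ec2 = session.client("ec2", region_name=region)
        # Server-side filter keeps the response small; the local check still
        # re-verifies IsDefault rather than trusting the filter blindly.
        vpcs = ec2.describe_vpcs(Filters=[{"Name": "is-default", "Values": ["true"]}])
        paginator = ec2.get_paginator("describe_instances")
        reservations = [r for page in paginator.paginate() for r in page["Reservations"]]
        hits = instances_in_default_vpc(vpcs, {"Reservations": reservations})
        if hits:
            results[region] = hits
    return results


if __name__ == "__main__":
    # Offline demonstration on the constructed data above.
    for hit in instances_in_default_vpc(SAMPLE_VPCS, SAMPLE_INSTANCES):
        print(f"{hit['InstanceId']} is in default VPC {hit['VpcId']} ({hit['State']})")
    # Live run, only if boto3 and credentials are available:
    # import boto3; print(scan_all_regions(boto3.Session()))
```

Running the offline part reports only `i-0aaa`: the instance in the application VPC is ignored and the terminated one is skipped without error. A region whose default VPC has been deleted returns an empty list, which is the desired end state for this check.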
