AWS > EC2 >

Cross VPC Public Private Communication

HIGH

Source

CloudSploit

cross-vpc-public-private-communication

management console

Cross VPC Public Private Communication

Ensures communication between public and private VPC tiers is not enabled

Communication between the public tier of one VPC and the private tier of other VPCs should never be allowed. Instead, VPC peerings with proper NACLs and gateways should be used

Recommended Actions

Remove the NACL rules allowing communication between the public and private tiers of different VPCs

Links

https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.