Amazon EC2

Default VPC In Use

This plugin determines whether the default VPC is used for launching EC2 instances.

Risk Level: Low

Description

This plugin determines whether the default VPC is used for launching EC2 instances. The default VPC is used whenever a service is launched without a VPC being specified, so multiple services end up in the same network even when they do not need connectivity to each other.

About the Service

Amazon EC2: Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) Cloud. With EC2, you can launch as many virtual servers as you need, configure security and networking, and manage storage without worrying about the underlying hardware. Security groups act as a firewall for an EC2 instance, controlling its incoming and outgoing traffic. You can read more about security groups in the AWS EC2 documentation.

Impact

If a VPC marked as default exists, it will be used for any service launched without a VPC specified. Therefore, it is necessary to remove the default VPC (after moving its resources elsewhere) in order to avoid unnecessary network connections between unrelated services.

Steps to Reproduce

Using AWS Console:

  1. Log in to your AWS Console.
  2. Open the VPC Management Console. You can use this link (https://console.aws.amazon.com/vpc) to navigate directly if already logged in.
  3. Move to Your VPCs in the Virtual Private Cloud section of the left navigation pane.
  4. A list of VPCs in the region will appear. Scroll right to the Default VPC column. If the value is set to “Yes”, a default VPC exists.
  5. Copy the vulnerable VPC ID.
  6. Now, open the EC2 Management Console.
  7. Move to Network Interfaces in the Network & Security section.
  8. In the search bar for filtering network interfaces, paste the VPC ID copied before. A list of network interfaces inside the VPC will be displayed. If more than one interface is found, the vulnerability exists.
  9. Repeat the steps for all the VPCs you want to investigate.
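The same check as a script, added here as an example and not part of the plugin's own code: it walks a region the way the console steps do (find VPCs marked default, then list the network interfaces filtered by each VPC ID) and applies the "more than one interface" rule. The `FakeEC2` client and its sample responses are constructed for offline use; in a real account you would pass a boto3 EC2 client instead.

```python
from typing import Dict, List

# Constructed sample API responses in the shape boto3's EC2 client returns
# from describe_vpcs / describe_network_interfaces; not real account data.
SAMPLE_VPCS = [
    {"VpcId": "vpc-0default00000001", "IsDefault": True},
    {"VpcId": "vpc-0default00000002", "IsDefault": True},
    {"VpcId": "vpc-0custom000000001", "IsDefault": False},
]
SAMPLE_ENIS = [
    {"NetworkInterfaceId": "eni-0aaa", "VpcId": "vpc-0default00000001"},
    {"NetworkInterfaceId": "eni-0bbb", "VpcId": "vpc-0default00000001"},
    {"NetworkInterfaceId": "eni-0ccc", "VpcId": "vpc-0custom000000001"},
]

def _filter_values(kwargs: dict, name: str) -> set:
    """Collect the Values of a named entry in an EC2 API Filters list."""
    return {v for f in kwargs.get("Filters", []) if f["Name"] == name for v in f["Values"]}

class FakeEC2:
    """Offline stand-in for boto3.client("ec2") that honours the two filters used below."""

    def describe_vpcs(self, **kwargs):
        vals = _filter_values(kwargs, "is-default")  # real API filter name: is-default
        return {"Vpcs": [v for v in SAMPLE_VPCS if not vals or str(v["IsDefault"]).lower() in vals]}

    def describe_network_interfaces(self, **kwargs):
        vpc_ids = _filter_values(kwargs, "vpc-id")  # real API filter name: vpc-id
        return {"NetworkInterfaces": [e for e in SAMPLE_ENIS if e["VpcId"] in vpc_ids]}

def default_vpc_in_use(ec2) -> Dict[str, List[str]]:
    """Map each default VPC in the region to the ENIs inside it (same walk as the console steps)."""
    findings = {}
    vpcs = ec2.describe_vpcs(Filters=[{"Name": "is-default", "Values": ["true"]}])["Vpcs"]
    for vpc in vpcs:
        enis = ec2.describe_network_interfaces(
            Filters=[{"Name": "vpc-id", "Values": [vpc["VpcId"]]}]
        )["NetworkInterfaces"]
        findings[vpc["VpcId"]] = sorted(e["NetworkInterfaceId"] for e in enis)
    return findings

def flagged(findings: Dict[str, List[str]], min_interfaces: int = 2) -> List[str]:
    """Default VPCs holding at least min_interfaces ENIs: the 'more than one' rule above."""
    return sorted(v for v, enis in findings.items() if len(enis) >= min_interfaces)

if __name__ == "__main__":  # swap FakeEC2() for boto3.client("ec2", region_name="...") in real use
    result = default_vpc_in_use(FakeEC2())
    print(result, "flagged:", flagged(result))
```

A default VPC that exists but holds no interfaces is still reported with an empty list, so it can be deleted before anything lands in it.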

Steps for Remediation

Move resources from the default VPC to a new VPC created for that application or resource group:

  1. Log in to your AWS Console.
  2. Open the VPC Management Console. You can use this link (https://console.aws.amazon.com/vpc) to navigate directly if already logged in.
  3. Move to Your VPCs in the Virtual Private Cloud section of the left navigation pane.
  4. A list of VPCs in the region will appear. Copy the vulnerable VPC ID.
  5. Now, open the EC2 Management Console.
  6. Move to Network Interfaces in the Network & Security section.
  7. In the search bar for filtering network interfaces, paste the VPC ID copied before. A list of network interfaces inside the VPC will be displayed.
  8. Now, create a new VPC for each of the interfaces and move the corresponding resources into it.
  9. Now, move back to the VPC Dashboard and select the vulnerable VPC by clicking on the checkbox next to it.
  10. From the Actions menu, click on Delete VPC.
  11. Repeat the steps for all the vulnerable default VPCs.