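package ec2

import (
	"github.com/khulnasoft-lab/defsec/internal/rules"
	"github.com/khulnasoft-lab/defsec/pkg/providers"
	"github.com/khulnasoft-lab/defsec/pkg/scan"
	"github.com/khulnasoft-lab/defsec/pkg/severity"
	"github.com/khulnasoft-lab/defsec/pkg/state"
)

// CheckNoDefaultVpc is the registered rule AVD-AWS-0101 ("no-default-vpc").
// It reports every VPC in the scanned AWS state whose IsDefault flag is true,
// since the default VPC does not carry the security features a purpose-built
// VPC is provisioned with (see the rule's Links for AWS's own description).
var CheckNoDefaultVpc = rules.Register(
	scan.Rule{
		AVDID:       "AVD-AWS-0101",
		Aliases:     []string{"aws-vpc-no-default-vpc"},
		Provider:    providers.AWSProvider,
		Service:     "ec2",
		ShortCode:   "no-default-vpc",
		Summary:     "AWS best practice to not use the default VPC for workflows",
		Impact:      "The default VPC does not have critical security features applied",
		Resolution:  "Create a non-default vpc for resources to be created in",
		Explanation: `Default VPC does not have a lot of the critical security features that standard VPC comes with, new resources should not be created in the default VPC and it should not be present in the Terraform.`,
		Links: []string{
			"https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html",
		},
		Terraform: &scan.EngineMetadata{
			GoodExamples:        terraformNoDefaultVpcGoodExamples,
			BadExamples:         terraformNoDefaultVpcBadExamples,
			Links:               terraformNoDefaultVpcLinks,
			RemediationMarkdown: terraformNoDefaultVpcRemediationMarkdown,
		},
		Severity: severity.High,
	},
	// The check: one result per VPC whose IsDefault value is true. A nil or
	// empty VPC list yields no results; the function never fails.
	func(s *state.State) (results scan.Results) {
		vpcs := s.AWS.EC2.VPCs
		// Index into the slice rather than ranging by value so that the pointer
		// handed to results.Add refers to the element itself, not to a
		// per-iteration copy (which, before Go 1.22, is a single loop variable
		// reused across iterations). This also avoids copying each VPC struct.
		for i := range vpcs {
			if vpcs[i].IsDefault.IsTrue() {
				results.Add(
					"Default VPC is used.",
					&vpcs[i],
				)
			}
		}
		return results
	},
)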