Restrict overly permissive VPC peering routes
Severity: High

An AWS route table entry that targets a VPC peering connection grants overly permissive access when its destination covers all traffic (0.0.0.0/0), because every packet not matched by a more specific route is then sent through the peer. Make sure that routes using a VPC peering connection are scoped to the peer VPC's CIDR block rather than to all traffic.

Detector ID
terraform/restrict-vpc-peering-routes-terraform@v1.0
Category
Common Weakness Enumeration (CWE)

Noncompliant example

resource "aws_route" "peer" {
  route_table_id            = aws_vpc.vpc.default_route_table_id
  # Noncompliant: the VPC peering route is overly permissive, sending all traffic to the peer.
  destination_cidr_block    = "0.0.0.0/0"
  # aws_route accepts exactly one target; a gateway_id alongside vpc_peering_connection_id is a conflict.
  vpc_peering_connection_id = "pcx-45ff3dc1"
}

Compliant example

resource "aws_route" "peer" {
  route_table_id            = aws_vpc.vpc.default_route_table_id
  # Compliant: the VPC peering route is limited to the peer VPC's CIDR block, not all traffic.
  # The block must be a network address (10.0.0.0/22, not 10.0.1.0/22) or the provider rejects it.
  destination_cidr_block    = "10.0.0.0/22"
  # aws_route accepts exactly one target; a gateway_id alongside vpc_peering_connection_id is a conflict.
  vpc_peering_connection_id = "pcx-45ff3dc1"
}
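The examples above show the rule on a single resource. As an added example, not part of this detector page or of CodeGuru, the following Python check applies the same rule to a whole plan: it reads the `resource_changes` array of `terraform show -json` output, flags every `aws_route` that targets a VPC peering connection with a default route, and, when told the peer VPC's CIDR, also flags peering routes that are broader than that CIDR (a generalisation of the page's 0.0.0.0/0 case). The plan excerpt, resource addresses and ids (`rtb-EXAMPLE`, `pcx-EXAMPLE`, `igw-EXAMPLE`) are constructed placeholders.

```python
"""Flag overly permissive VPC peering routes in Terraform plan JSON (added example)."""
import ipaddress
import json

# Constructed sample shaped like `terraform show -json tfplan` output, trimmed to the
# fields this check reads. Addresses and ids are placeholders, not real resources.
SAMPLE_PLAN_JSON = json.dumps({
    "resource_changes": [
        {"address": "aws_route.peer_open", "type": "aws_route",
         "change": {"actions": ["create"], "after": {
             "route_table_id": "rtb-EXAMPLE", "destination_cidr_block": "0.0.0.0/0",
             "destination_ipv6_cidr_block": None, "gateway_id": None,
             "vpc_peering_connection_id": "pcx-EXAMPLE"}}},
        {"address": "aws_route.peer_scoped", "type": "aws_route",
         "change": {"actions": ["create"], "after": {
             "route_table_id": "rtb-EXAMPLE", "destination_cidr_block": "10.0.0.0/22",
             "destination_ipv6_cidr_block": None, "gateway_id": None,
             "vpc_peering_connection_id": "pcx-EXAMPLE"}}},
        {"address": "aws_route.peer_broad", "type": "aws_route",
         "change": {"actions": ["create"], "after": {
             "route_table_id": "rtb-EXAMPLE", "destination_cidr_block": "10.0.0.0/8",
             "destination_ipv6_cidr_block": None, "gateway_id": None,
             "vpc_peering_connection_id": "pcx-EXAMPLE"}}},
        {"address": "aws_route.igw_default", "type": "aws_route",
         "change": {"actions": ["create"], "after": {
             "route_table_id": "rtb-EXAMPLE", "destination_cidr_block": "0.0.0.0/0",
             "destination_ipv6_cidr_block": None, "gateway_id": "igw-EXAMPLE",
             "vpc_peering_connection_id": None}}},
        {"address": "aws_route.peer_removed", "type": "aws_route",
         "change": {"actions": ["delete"], "after": None}},
    ]
})


def _destinations(after):
    """Yield the IPv4/IPv6 destination networks an aws_route 'after' state declares."""
    for key in ("destination_cidr_block", "destination_ipv6_cidr_block"):
        value = after.get(key)
        if value:
            yield ipaddress.ip_network(value, strict=False)


def find_permissive_peering_routes(plan, peer_cidrs=None):
    """Return (address, destination, reason) for each aws_route that targets a VPC
    peering connection with an overly broad destination.

    Default routes (0.0.0.0/0, ::/0) are always flagged. If peer_cidrs maps a
    peering connection id to the peer VPC's CIDR, any destination not contained in
    that CIDR is flagged too, since it routes more than the peer can legitimately serve.
    """
    peer_cidrs = {pcx: ipaddress.ip_network(c) for pcx, c in (peer_cidrs or {}).items()}
    findings = []
    for rc in plan.get("resource_changes", []):
        after = rc.get("change", {}).get("after")
        if rc.get("type") != "aws_route" or not after:
            continue  # not a route, or being destroyed (no resulting state to inspect)
        pcx = after.get("vpc_peering_connection_id")
        if not pcx:
            continue  # routes to an internet/NAT gateway are outside this detector's scope
        for dest in _destinations(after):
            if dest.prefixlen == 0:
                findings.append((rc["address"], str(dest), "default route via VPC peering"))
                continue
            allowed = peer_cidrs.get(pcx)
            if allowed and (allowed.version != dest.version or not dest.subnet_of(allowed)):
                findings.append((rc["address"], str(dest),
                                 f"destination not within peer CIDR {allowed}"))
    return findings


def scan_plan_json(plan_json, peer_cidrs=None):
    """Accept the raw JSON text of `terraform show -json` and run the check."""
    return find_permissive_peering_routes(json.loads(plan_json), peer_cidrs)


if __name__ == "__main__":
    for address, dest, reason in scan_plan_json(SAMPLE_PLAN_JSON, {"pcx-EXAMPLE": "10.0.0.0/16"}):
        print(f"{address}: {dest} ({reason})")
```

Run it against a real plan with `terraform plan -out=tfplan && terraform show -json tfplan > plan.json` and pass the file contents to `scan_plan_json`. Without a `peer_cidrs` mapping the check reproduces the detector's behaviour (only default routes via peering are reported); supplying the peer VPC's CIDR turns it into a tighter policy, so a route that is narrower than 0.0.0.0/0 but still wider than the peer (the `10.0.0.0/8` case above) is caught as well.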