Ensure each VPC endpoint is not exposed to everything in your account

Ensure that each VPC endpoint policy allows only the principals, actions and resources that genuinely need to reach the service through that endpoint, enforcing the principle of least privilege. When an endpoint is created without a custom policy, AWS applies a full-access policy (* for Principal, Action and Resource), so anything in the VPC that can route to the endpoint can use the service without restriction. Scoping the policy down is considered a security best practice and should always be done; it also helps with NIST and PCI-DSS compliance.

Audit & Remediation

  • Log in to your AWS account
  • Navigate to the VPC service at: https://console.aws.amazon.com/vpc
  • On the left hand panel select Endpoints under VIRTUAL PRIVATE CLOUD.
  • Select an Endpoint and in the bottom window select the Policy tab and validate the permissions.

  • If a policy statement has * as the value of Action, Resource and Principal, the endpoint is open to everything in your account (this is the default full-access policy). Note that endpoint policies commonly keep Principal as * and narrow it with a condition on aws:PrincipalAccount, aws:PrincipalOrgID or aws:PrincipalArn; a * Principal combined with such a condition is not a finding, whereas a * Principal with no condition is. Some services do not support endpoint policies at all; for those the console shows full access and the policy cannot be changed.
  • Under Policy select Custom, then write a policy that limits the scope of permissions: name the specific actions (for example s3:GetObject), the specific resources (for example one bucket ARN) and restrict the principals with a condition as described above.

  • Repeat the outlined steps for all VPC endpoints that you have.
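
The following Python script is an added example, not part of the original page and not Intelligent Discovery's code. It applies the same check programmatically to data shaped like the VpcEndpoints list returned by the EC2 DescribeVpcEndpoints API: it flags Allow statements whose Action, Resource or Principal is *, treats a Principal of * as acceptable only when an aws:Principal* condition narrows it, treats a missing policy as the default full-access policy, and includes a least-privilege S3 gateway endpoint policy to compare against. The endpoint IDs, service names, bucket name and account ID are constructed for the example; fetch_endpoints is an optional helper that needs boto3 and AWS credentials and is not used by the offline run.

```python
"""Audit VPC endpoint policies for wildcard access (added example, offline)."""
import json

# Policy AWS applies when an endpoint has no custom policy: full access.
FULL_ACCESS_POLICY = {
    "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}
    ]
}

# Least-privilege policy for an S3 gateway endpoint. Principal stays "*" (the
# usual pattern for endpoint policies) but is narrowed to one account by a
# condition; actions and resources are explicit. Bucket and account are hypothetical.
LEAST_PRIVILEGE_S3_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AppBucketReadWriteFromThisAccountOnly",
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": "arn:aws:s3:::example-app-bucket/*",
            "Condition": {"StringEquals": {"aws:PrincipalAccount": "111122223333"}},
        }
    ],
}

# Condition keys that restrict which principals a Principal of "*" matches.
PRINCIPAL_SCOPING_KEYS = {
    "aws:principalaccount", "aws:principalorgid", "aws:principalorgpaths", "aws:principalarn",
}


def _as_list(value):
    """IAM accepts a string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _has_star(value):
    """True if the field is, or contains, the bare wildcard "*".
    Principal may also be a mapping such as {"AWS": "*"}."""
    if isinstance(value, dict):
        return any(_has_star(v) for v in value.values())
    return any(str(v).strip() == "*" for v in _as_list(value))


def _principal_is_scoped(statement):
    """Does any condition key narrow the principal (aws:PrincipalAccount etc.)?"""
    for keys in statement.get("Condition", {}).values():
        if any(k.lower() in PRINCIPAL_SCOPING_KEYS for k in keys):
            return True
    return False


def audit_statement(statement):
    """Return the findings for one statement; an empty list means it is clean."""
    findings = []
    if statement.get("Effect") != "Allow":
        return findings  # Deny statements only narrow access
    if _has_star(statement.get("Action")):
        findings.append("Action is *")
    if _has_star(statement.get("Resource")):
        findings.append("Resource is *")
    if _has_star(statement.get("Principal")) and not _principal_is_scoped(statement):
        findings.append("Principal is * with no aws:Principal* condition")
    return findings


def audit_endpoints(endpoints):
    """Map endpoint ID -> findings for every endpoint whose policy is too broad.
    A missing PolicyDocument is treated as the default full-access policy."""
    report = {}
    for endpoint in endpoints:
        raw = endpoint.get("PolicyDocument")
        policy = json.loads(raw) if raw else FULL_ACCESS_POLICY
        findings = []
        for index, statement in enumerate(_as_list(policy.get("Statement"))):
            findings += [f"Statement[{index}]: {f}" for f in audit_statement(statement)]
        if findings:
            report[endpoint["VpcEndpointId"]] = findings
    return report


# Constructed sample data: IDs and service names are made up for the example.
SAMPLE_ENDPOINTS = [
    {"VpcEndpointId": "vpce-0aaa111122223333a",  # fresh endpoint, default policy
     "ServiceName": "com.amazonaws.us-east-1.s3",
     "PolicyDocument": json.dumps(FULL_ACCESS_POLICY)},
    {"VpcEndpointId": "vpce-0bbb111122223333b",  # remediated endpoint
     "ServiceName": "com.amazonaws.us-east-1.s3",
     "PolicyDocument": json.dumps(LEAST_PRIVILEGE_S3_POLICY)},
    {"VpcEndpointId": "vpce-0ccc111122223333c",  # no policy document returned
     "ServiceName": "com.amazonaws.us-east-1.ssm"},
]


def fetch_endpoints(region_name):
    """Optional: pull live data instead of the sample (needs boto3 and credentials)."""
    import boto3  # imported here so the rest of the module runs offline
    ec2 = boto3.client("ec2", region_name=region_name)
    endpoints = []
    for page in ec2.get_paginator("describe_vpc_endpoints").paginate():
        endpoints.extend(page["VpcEndpoints"])
    return endpoints


if __name__ == "__main__":
    for endpoint_id, findings in audit_endpoints(SAMPLE_ENDPOINTS).items():
        print(endpoint_id)
        for finding in findings:
            print("   ", finding)
```

Run as-is it reports the first and third sample endpoints and stays silent on the remediated one. To audit a real account, replace SAMPLE_ENDPOINTS with fetch_endpoints(region) for each region you use, since the audit above has to be repeated per region and per account.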