Ensure there are no VPC peering connections established with AWS accounts outside your AWS Organization in order to secure the peered VPC traffic to member AWS accounts only.
This rule can help you with the following compliance standards:
- NIST4
For further details on compliance standards supported by Conformity, see here.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Having VPC peering configured to allow traffic only between the member accounts of your AWS Organization is an effective way of keeping the organization's resources private and isolated, and of meeting regulatory compliance requirements. For example, if the cloud applications running in your AWS Organization are regulated by the healthcare industry, you may want to process and store any protected health information using only compliant AWS resources limited to your organization.
Audit
To determine if there are VPC peering connections established with AWS accounts outside your AWS Organization, perform the following:
Remediation / Resolution
To remove any VPC peering connections established with AWS accounts outside your AWS Organization, perform the following:
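The following script is an added example covering both the audit and the remediation steps above; it is not part of the Conformity rule page or of any AWS tooling. It uses only the Python standard library and works on the JSON that the referenced CLI commands emit: `aws organizations list-accounts` gives the set of member account IDs, `aws ec2 describe-vpc-peering-connections` gives each peering connection with its requester and accepter owner IDs, and any connection whose owners include an ID outside that set is flagged. For the remediation step it builds the matching `aws ec2 delete-vpc-peering-connection` commands rather than running them. The account IDs, VPC IDs and peering connection IDs embedded below are constructed placeholders, not real identifiers.

```python
import json
from typing import Dict, List, Set

# Constructed sample output of `aws organizations list-accounts` (IDs are placeholders).
SAMPLE_LIST_ACCOUNTS = """
{
  "Accounts": [
    {"Id": "111111111111", "Name": "management", "Status": "ACTIVE"},
    {"Id": "222222222222", "Name": "workloads-prod", "Status": "ACTIVE"},
    {"Id": "333333333333", "Name": "workloads-dev", "Status": "ACTIVE"}
  ]
}
"""

# Constructed sample output of `aws ec2 describe-vpc-peering-connections` for one region.
# pcx-...b2 peers with a non-member account, pcx-...c3 is an inbound request from an
# unknown account, pcx-...d4 is already deleted and must not be reported again.
SAMPLE_DESCRIBE_PEERING = """
{
  "VpcPeeringConnections": [
    {"VpcPeeringConnectionId": "pcx-0aaaaaaaaaaaaaaa1",
     "Status": {"Code": "active", "Message": "Active"},
     "RequesterVpcInfo": {"OwnerId": "111111111111", "VpcId": "vpc-0req0000000000001", "Region": "us-east-1"},
     "AccepterVpcInfo":  {"OwnerId": "222222222222", "VpcId": "vpc-0acc0000000000001", "Region": "us-east-1"}},
    {"VpcPeeringConnectionId": "pcx-0bbbbbbbbbbbbbbb2",
     "Status": {"Code": "active", "Message": "Active"},
     "RequesterVpcInfo": {"OwnerId": "111111111111", "VpcId": "vpc-0req0000000000002", "Region": "us-east-1"},
     "AccepterVpcInfo":  {"OwnerId": "999999999999", "VpcId": "vpc-0acc0000000000002", "Region": "us-east-1"}},
    {"VpcPeeringConnectionId": "pcx-0ccccccccccccccc3",
     "Status": {"Code": "pending-acceptance", "Message": "Pending Acceptance by 111111111111"},
     "RequesterVpcInfo": {"OwnerId": "444444444444", "VpcId": "vpc-0req0000000000003", "Region": "us-east-1"},
     "AccepterVpcInfo":  {"OwnerId": "111111111111", "VpcId": "vpc-0acc0000000000003", "Region": "us-east-1"}},
    {"VpcPeeringConnectionId": "pcx-0ddddddddddddddd4",
     "Status": {"Code": "deleted", "Message": "Deleted by 111111111111"},
     "RequesterVpcInfo": {"OwnerId": "111111111111", "VpcId": "vpc-0req0000000000004", "Region": "us-east-1"},
     "AccepterVpcInfo":  {"OwnerId": "888888888888", "VpcId": "vpc-0acc0000000000004", "Region": "us-east-1"}}
  ]
}
"""

# Peering states in which the connection no longer carries (or can no longer carry) traffic,
# so they are excluded from findings instead of being flagged repeatedly.
INACTIVE_STATES = {"deleted", "deleting", "rejected", "failed", "expired"}


def org_account_ids(list_accounts_json: str) -> Set[str]:
    """Return the set of account IDs that are members of the AWS Organization."""
    accounts = json.loads(list_accounts_json).get("Accounts", [])
    return {account["Id"] for account in accounts}


def external_peering_connections(describe_json: str, org_ids: Set[str]) -> List[Dict[str, object]]:
    """Audit: flag every live peering connection whose requester or accepter
    account is not a member of the organization."""
    findings: List[Dict[str, object]] = []
    for pcx in json.loads(describe_json).get("VpcPeeringConnections", []):
        state = pcx.get("Status", {}).get("Code", "")
        if state in INACTIVE_STATES:
            continue
        owners = {pcx["RequesterVpcInfo"]["OwnerId"], pcx["AccepterVpcInfo"]["OwnerId"]}
        external = owners - org_ids
        if external:
            findings.append({
                "id": pcx["VpcPeeringConnectionId"],
                "state": state,
                "external_owners": sorted(external),
            })
    return findings


def remediation_commands(findings: List[Dict[str, object]], region: str) -> List[str]:
    """Remediation: one delete command per finding, returned for review rather than executed."""
    return [
        f"aws ec2 delete-vpc-peering-connection --region {region} "
        f"--vpc-peering-connection-id {finding['id']}"
        for finding in findings
    ]


if __name__ == "__main__":
    members = org_account_ids(SAMPLE_LIST_ACCOUNTS)
    found = external_peering_connections(SAMPLE_DESCRIBE_PEERING, members)
    for finding in found:
        print(f"{finding['id']} ({finding['state']}): peered with non-member account(s) "
              f"{', '.join(finding['external_owners'])}")
    for command in remediation_commands(found, "us-east-1"):
        print(command)
```

To run this against a real environment, replace the two sample strings with the output of `aws organizations list-accounts --output json` (run from the management account or a delegated administrator, which is where that API is permitted) and `aws ec2 describe-vpc-peering-connections --region <region> --output json`, and repeat the second call for every region in use, since peering connections are regional. Review the generated delete commands before executing them; a connection still in `pending-acceptance` from an unknown account can also be declined with `aws ec2 reject-vpc-peering-connection` instead of deleted.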
References
- AWS Documentation
- Amazon VPC FAQs
- VPC Peering
- VPC Peering Basics
- Creating and Accepting a VPC Peering Connection
- AWS Command Line Interface (CLI) Documentation
- organizations
- list-accounts
- ec2
- describe-vpc-peering-connections
- delete-vpc-peering-connection