Checks whether the destination CIDR block of any custom route in a route table that is associated with a virtual private cloud (VPC) is set to all CIDR blocks (0.0.0.0/0). If no custom route has its destination CIDR block set to all CIDR blocks, the evaluation result is Compliant.
Scenarios
You can create a custom route table based on your requirements. Custom route tables let you route traffic to specific destinations. If a custom route in a route table has 0.0.0.0/0 as its destination CIDR block, that route matches all traffic and allows access from all IP addresses over the Internet. This poses a high security risk to the route table. Proceed with caution.
Risk level
Default risk level: high.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
Checks whether the destination CIDR block of any custom route in a route table that is associated with a VPC is set to all CIDR blocks (0.0.0.0/0). If no custom route has its destination CIDR block set to all CIDR blocks, the evaluation result is Compliant.
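The evaluation logic above, as an added offline example (not Alibaba Cloud Config's own implementation). The route entry shape assumed here, a Type of System or Custom plus a DestinationCidrBlock, mirrors what the VPC API returns but is an assumption, and the route tables are constructed sample data; as a generalization beyond the page, the IPv6 all-addresses destination ::/0 is treated the same way as 0.0.0.0/0.

```python
import ipaddress


def is_all_cidr_blocks(cidr: str) -> bool:
    """True if the destination covers every address, i.e. 0.0.0.0/0
    (or ::/0, an added IPv6 generalization). Normalizing through
    ipaddress also catches non-canonical spellings of the same network."""
    try:
        net = ipaddress.ip_network(cidr, strict=False)
    except ValueError:
        return False  # an unparsable destination is not an all-CIDR route
    return net.prefixlen == 0


def evaluate_route_table(route_table: dict) -> dict:
    """Return the rule's evaluation result for one VPC route table.

    Only custom routes are examined: system routes (the VPC CIDR and similar)
    are created by the platform and are outside the rule's scope.
    """
    offending = [
        entry["DestinationCidrBlock"]
        for entry in route_table.get("RouteEntrys", [])  # assumed field name
        if entry.get("Type") == "Custom"
        and is_all_cidr_blocks(entry["DestinationCidrBlock"])
    ]
    return {
        "RouteTableId": route_table["RouteTableId"],
        "ComplianceType": "NonCompliant" if offending else "Compliant",
        "OffendingDestinations": offending,
    }


# Constructed sample input: the first table sends all traffic through a custom
# default route, the second only routes a specific peer network.
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "vtb-example-1", "RouteEntrys": [
        {"Type": "System", "DestinationCidrBlock": "192.168.0.0/16"},
        {"Type": "Custom", "DestinationCidrBlock": "0.0.0.0/0"},
    ]},
    {"RouteTableId": "vtb-example-2", "RouteEntrys": [
        {"Type": "System", "DestinationCidrBlock": "192.168.0.0/16"},
        {"Type": "Custom", "DestinationCidrBlock": "10.1.0.0/16"},
    ]},
]

if __name__ == "__main__":
    for table in SAMPLE_ROUTE_TABLES:
        print(evaluate_route_table(table))
```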
Rule details
| Parameter | Description |
| --- | --- |
| Rule Template Name | vpc-routetable-destination-cidr-check |
| Rule Template Identifier | |
| Tag | RouteTable |
| Automatic remediation | Not supported |
| Invoke Type | Configuration Change |
| Supported resource type | VPC route table (ACS::VPC::RouteTable) |
| Input parameter | N/A |
Non-compliance remediation
Change the destination CIDR block of each offending custom route in the route table that is associated with the VPC to a value other than 0.0.0.0/0. For more information, see Create and manage a route table.