Checks whether at least one entry that contains the routing information about the IP addresses of a custom VPC CIDR block exists in the related route table. If so, the evaluation result is Compliant.
Scenarios
This rule applies when you need to check whether a custom CIDR block is used in actual scenarios. This way, you can identify and delete invalid custom CIDR blocks at the earliest opportunity. This helps you reduce management costs that are incurred by invalid configurations.
Risk level
Default risk level: high.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
- If at least one entry that contains the routing information about the IP addresses of a custom VPC CIDR block exists in the related route table, the evaluation result is Compliant.
- If no entry that contains the routing information about the IP addresses of a custom VPC CIDR block exists in the related route table, the evaluation result is Incompliant. For more information about how to remediate an incompliant configuration, see Incompliance remediation.
Rule details
| Item | Description |
|---|---|
| Rule name | vpc-secondary-cidr-route-check |
| Rule identifier | vpc-secondary-cidr-route-check |
| Tag | VPC and RouteTable |
| Automatic remediation | Not supported |
| Trigger type | Periodic execution |
| Evaluation frequency | Interval of 24 hours |
| Supported resource type | VPC |
| Input parameter | None. |
Incompliance remediation
Create a custom route table. For more information, see Create and manage a route table.