
VPC endpoint service is not configured for manual acceptance

Description

Configure your VPC endpoint service for manual acceptance so that every incoming connection request to the service must be reviewed and explicitly approved or rejected before the requester can connect. This is recommended for security purposes, because it lets you control which resources are able to connect to your VPC. By default, VPC endpoint services are configured for automatic acceptance: every incoming connection request is accepted and the requester is allowed to connect to your VPC. With manual acceptance you can inspect each request and selectively approve or reject it, giving you more control over who can access your VPC.
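The check this rule performs can also be run against a Terraform plan before anything is applied. The following scanner is an added example written for this page (it is not Checkov's own code and not part of the original page): it walks the `planned_values` tree of a `terraform show -json` plan and reports every `aws_vpc_endpoint_service` whose `acceptance_required` is not `true`. The sample plan embedded below is constructed for the example, with placeholder ARNs and module names; a missing value is treated as a finding on the assumption that the plan cannot prove the safe setting.

```python
"""Flag VPC endpoint services that accept connections automatically.

Input is the JSON produced by `terraform show -json tfplan`. Only the
fields the scanner reads are included in the constructed sample plan.
"""
import json
import sys

# Constructed sample plan (placeholder ARNs and addresses, not from a real account).
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "planned_values": {
        "root_module": {
            "resources": [
                {
                    "address": "aws_vpc_endpoint_service.reviewed",
                    "type": "aws_vpc_endpoint_service",
                    "values": {
                        "acceptance_required": True,
                        "network_load_balancer_arns": [
                            "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/net/example/abc123"
                        ],
                    },
                },
                {
                    "address": "aws_vpc_endpoint_service.open",
                    "type": "aws_vpc_endpoint_service",
                    "values": {
                        "acceptance_required": False,
                        "network_load_balancer_arns": [
                            "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/net/example/def456"
                        ],
                    },
                },
                {
                    # acceptance_required omitted: cannot be shown safe, so it is reported.
                    "address": "aws_vpc_endpoint_service.unset",
                    "type": "aws_vpc_endpoint_service",
                    "values": {"network_load_balancer_arns": []},
                },
                {
                    "address": "aws_lb.example",
                    "type": "aws_lb",
                    "values": {"load_balancer_type": "network"},
                },
            ],
            "child_modules": [
                {
                    "address": "module.svc",
                    "resources": [
                        {
                            "address": "module.svc.aws_vpc_endpoint_service.nested",
                            "type": "aws_vpc_endpoint_service",
                            "values": {"acceptance_required": False},
                        }
                    ],
                }
            ],
        }
    },
})


def iter_resources(module):
    """Yield every resource in a plan module and, recursively, in its child modules."""
    for res in module.get("resources", []):
        yield res
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_auto_accept_endpoint_services(plan_json):
    """Return one finding per aws_vpc_endpoint_service whose acceptance_required is not True."""
    plan = json.loads(plan_json)
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != "aws_vpc_endpoint_service":
            continue
        value = res.get("values", {}).get("acceptance_required")
        if value is not True:
            findings.append({"address": res["address"], "acceptance_required": value})
    return findings


def main(argv):
    """Scan the plan file named on the command line, or the embedded sample if none is given."""
    plan_json = open(argv[1]).read() if len(argv) > 1 else SAMPLE_PLAN
    findings = find_auto_accept_endpoint_services(plan_json)
    for f in findings:
        print(f"FAIL {f['address']}: acceptance_required = {f['acceptance_required']!r} (expected true)")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python scan_plan.py tfplan.json` in CI; a non-zero exit stops the pipeline until every endpoint service in the plan requires manual acceptance.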

Code Example

```hcl
resource "aws_vpc_endpoint_service" "example" {
  ...
+ acceptance_required        = true
  network_load_balancer_arns = [aws_lb.example.arn]
}
```

Remediation

Terraform

  • Resource: aws_vpc_endpoint_service
  • Arguments: acceptance_required

Rule Details

  • ID: IAC-0176
  • Severity: LOW
  • IaC Type: Cloudformation
  • Frameworks: CloudFormation, Terraform, TerraformPlan, Serverless
  • Checkov ID: CKV_AWS_123

References