AWS NAT Gateways are not utilized for the default route
Description
Using Amazon NAT Gateways (AWS NAT Gateways) for the default route can help improve the security and performance of your network. A NAT Gateway lets instances in your Amazon Virtual Private Cloud (Amazon VPC) initiate outbound connections to the Internet while hiding the instances' IP addresses from the Internet, since only the NAT Gateway's address is visible and unsolicited inbound connections are not forwarded to the instances. This can help protect your instances from potential threats such as spoofing attacks and port scans.
Code Example
```hcl
resource "aws_vpc" "example" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_internet_gateway" "example" {
  vpc_id = aws_vpc.example.id
}

resource "aws_route_table" "aws_route_table_ok_1" {
  vpc_id = aws_vpc.example.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.example.id
  }
}
```
Remediation
Terraform
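As an added example (not the rule's own remediation code), the following Terraform configuration shows the layout this rule expects: a public subnet keeps its default route on the internet gateway and hosts the NAT Gateway, while the private subnet's default route points at the NAT Gateway via `nat_gateway_id`. It assumes AWS provider 5.x (`domain = "vpc"` on `aws_eip`; older providers use `vpc = true`), and the subnet CIDRs are constructed values.

```hcl
# Added example: private-subnet default route via a NAT Gateway (assumes AWS provider 5.x).
resource "aws_vpc" "example" {
  cidr_block = "10.0.0.0/16"
}
resource "aws_internet_gateway" "example" {
  vpc_id = aws_vpc.example.id
}
# Public subnet hosts the NAT Gateway; private subnet holds the instances (constructed CIDRs).
resource "aws_subnet" "public" {
  vpc_id     = aws_vpc.example.id
  cidr_block = "10.0.0.0/24"
}
resource "aws_subnet" "private" {
  vpc_id     = aws_vpc.example.id
  cidr_block = "10.0.1.0/24"
}
resource "aws_eip" "nat" {
  domain = "vpc"
}
resource "aws_nat_gateway" "example" {
  allocation_id = aws_eip.nat.id
  subnet_id     = aws_subnet.public.id
  depends_on    = [aws_internet_gateway.example]
}
# Public route table: the NAT Gateway itself needs a path out through the internet gateway.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.example.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.example.id
  }
}
# Private route table: default route via the NAT Gateway, so instances are not directly reachable from the Internet.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.example.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.example.id
  }
}
resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public.id
}
resource "aws_route_table_association" "private" {
  subnet_id      = aws_subnet.private.id
  route_table_id = aws_route_table.private.id
}
```

Running `checkov -d . --check CKV2_AWS_35` against this directory is the quickest way to confirm the private route table is evaluated as intended before applying it.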
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0469 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV2_AWS_35 |