MWAA environment is publicly accessible
Description
Managed Workflows for Apache Airflow (MWAA) is a managed orchestration service that makes it easier to execute Apache Airflow workflows in the cloud. Ensuring the environment is not publicly accessible helps prevent unauthorized access. Public accessibility may expose sensitive information or make the environment susceptible to threats.
We recommend setting the MWAA environment's `webserver_access_mode` attribute to `PRIVATE_ONLY` to ensure that the environment remains inaccessible to the public. If the `webserver_access_mode` attribute does not exist or is set to any other value, the environment may be publicly accessible.
Code Example
```hcl
resource "aws_mwaa_environment" "example" {
  //... [Other resource configurations]
+ webserver_access_mode = "PRIVATE_ONLY"
}
```
Remediation
Terraform
- Resource: aws_mwaa_environment
- Arguments: webserver_access_mode
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0500 |
| Severity | HIGH |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV2_AWS_66 |