- Ensure that the Amazon VPC route table associated with the app-tier ELB subnets has a default route to the Internet Gateway (IGW), so that the app-tier load balancer has internet connectivity. A route table contains a set of rules that determine where network traffic is directed. The route table associated with the ELB subnets should contain a default route (i.e. 0.0.0.0/0) that points to an Internet Gateway. This conformity rule assumes that the subnets associated with the app-tier ELB are tagged with <app_tier_tag>:<app_tier_tag_value>, where <app_tier_tag> represents the tag name and <app_tier_tag_value> represents the tag value. Before the Cloud Conformity engine runs this rule, the app-tier tags must be defined in the rule settings on your Cloud Conformity account dashboard.
To provide internet connectivity to your app-tier load balancer, the route table associated with the resource subnets should be configured to point to the Internet Gateway (IGW) created for the VPC.
Note: Ensure that you replace all <app_tier_tag>:<app_tier_tag_value> tag placeholders found in the conformity rule content with your own tag name and value created for the app tier.
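The evaluation this rule performs, as an added example that is not Cloud Conformity's own engine code: it runs offline over constructed samples shaped like the `describe-subnets` and `describe-route-tables` responses, resolves each tagged subnet to its explicit route table or, failing that, the VPC's main route table, and reports whether an active 0.0.0.0/0 route targets an `igw-` gateway. The tag name/value (`app-tier`/`true`) and every resource ID are made-up placeholders.

```python
# Constructed sample data (placeholder IDs), shaped like the AWS CLI/boto3
# "Subnets" and "RouteTables" lists. Replace the tag with your own app-tier tag.
APP_TIER_TAG, APP_TIER_VALUE = "app-tier", "true"

SUBNETS = [
    {"SubnetId": "subnet-0a1", "VpcId": "vpc-01", "Tags": [{"Key": APP_TIER_TAG, "Value": APP_TIER_VALUE}]},
    {"SubnetId": "subnet-0b2", "VpcId": "vpc-01", "Tags": [{"Key": APP_TIER_TAG, "Value": APP_TIER_VALUE}]},
    {"SubnetId": "subnet-0c3", "VpcId": "vpc-01", "Tags": [{"Key": "Name", "Value": "db"}]},
]
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "VpcId": "vpc-01",
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
    {"RouteTableId": "rtb-public", "VpcId": "vpc-01",
     "Associations": [{"Main": False, "SubnetId": "subnet-0a1"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc", "State": "active"}]},
]

def has_tag(resource, key, value):
    return any(t.get("Key") == key and t.get("Value") == value for t in resource.get("Tags", []))

def route_table_for(subnet, route_tables):
    """Explicit subnet association wins; otherwise the VPC's main route table applies."""
    for rt in route_tables:
        if any(a.get("SubnetId") == subnet["SubnetId"] for a in rt["Associations"]):
            return rt
    for rt in route_tables:
        if rt["VpcId"] == subnet["VpcId"] and any(a.get("Main") for a in rt["Associations"]):
            return rt
    return None

def has_igw_default_route(rt):
    """True when an active 0.0.0.0/0 route targets an Internet Gateway (igw-...)."""
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and str(r.get("GatewayId", "")).startswith("igw-")
               and r.get("State", "active") == "active"   # blackhole routes do not count
               for r in rt["Routes"])

def audit(subnets, route_tables, tag=APP_TIER_TAG, value=APP_TIER_VALUE):
    """Map each app-tier subnet to PASS/FAIL; FAIL means no active IGW default route."""
    results = {}
    for s in subnets:
        if not has_tag(s, tag, value):
            continue   # only subnets carrying the app-tier tag are in scope
        rt = route_table_for(s, route_tables)
        results[s["SubnetId"]] = "PASS" if rt and has_igw_default_route(rt) else "FAIL"
    return results
```

With the sample data, `subnet-0b2` fails because it has no explicit association and the VPC's main route table carries only the local route.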
Audit
To determine if the route table associated with your app-tier ELB subnets has the default route configured to allow connectivity to an Internet Gateway (IGW), perform the following actions:
Remediation / Resolution
To create the required route (i.e. 0.0.0.0/0) with an IGW configured as the gateway for the route table associated with the app-tier ELB subnets, perform the following:
You are auditing:
Check app-tier ELB subnet connectivity to Internet Gateway
Risk level: Medium