Ensure that the AWS VPC route table associated with the web-tier ELB subnets has the default route configured to allow access to an Internet Gateway (IGW) in order to provide internet connectivity for the web-tier load balancer. A VPC route table contains a set of rules (also known as routes) that are used to determine where the network traffic is directed. The route table associated with the ELB subnets should contain a default route (i.e. 0.0.0.0/0) that points to an Internet Gateway. This conformity rule assumes that the subnets associated with the web-tier ELB are tagged with <web_tier_tag>:<web_tier_tag_value>, where <web_tier_tag> is tag name and <web_tier_tag_value> is the tag value. Prior to running this rule by the Cloud Conformity engine, the web-tier tags must be configured in the rule settings, on your Cloud Conformity account dashboard.
To provide internet connectivity for your web-tier load balancer, the route table associated with its subnets should be configured to point to the Internet Gateway (IGW) within the VPC.
Note: Ensure that you replace all <web_tier_tag>:<web_tier_tag_value> tag placeholders found in the conformity rule content with your own tag name and value created for the web tier.
Audit
To determine if the route table linked to your web-tier ELB subnets has the default route configured to allow connectivity to the Internet Gateway (IGW), perform the following:
Remediation / Resolution
To create the required route (i.e. 0.0.0.0/0) with an IGW configured as gateway for the route table associated with the web-tier ELB subnets, perform the following actions:
References
- AWS Documentation
- What Is Elastic Load Balancing?
- VPCs and Subnets
- Route Tables
- Add or Remove Subnets for Your Classic Load Balancer in a VPC
- CIS Amazon Web Services Foundations
- AWS Command Line Interface (CLI) Documentation
- ec2
- describe-load-balancers
- describe-tags
- describe-route-tables
- create-route
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
for and
Get started for FREE
You are auditing:
Check web-tier ELB subnet connectivity to Internet Gateway
Risk level: Medium