Ensure that the AWS VPC route table associated with the web-tier ELB subnets has a default route to an Internet Gateway (IGW), so that the web-tier load balancer has internet connectivity. A VPC route table contains a set of rules (also known as routes) that determine where network traffic is directed. The route table associated with the ELB subnets should contain a default route (i.e. 0.0.0.0/0) that points to an Internet Gateway. This conformity rule assumes that the subnets associated with the web-tier ELB are tagged with <web_tier_tag>:<web_tier_tag_value>, where <web_tier_tag> is the tag name and <web_tier_tag_value> is the tag value. Before the Cloud Conformity engine runs this rule, the web-tier tags must be configured in the rule settings on your Cloud Conformity account dashboard.
To provide internet connectivity for your web-tier load balancer, the route table associated with its subnets should be configured to point to the Internet Gateway (IGW) within the VPC.
Note: Ensure that you replace all <web_tier_tag>:<web_tier_tag_value> tag placeholders found in the conformity rule content with your own tag name and value created for the web tier.
To determine if the route table linked to your web-tier ELB subnets has the default route configured to allow connectivity to the Internet Gateway (IGW), perform the following:
Remediation / Resolution
To create the required route (i.e. 0.0.0.0/0) with an IGW configured as the target for the route table associated with the web-tier ELB subnets, perform the following actions:
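The following is an added example, not part of the Cloud Conformity rule page or its product code, covering both the audit above (does each web-tier subnet's effective route table carry an active 0.0.0.0/0 route whose target is an Internet Gateway?) and the remediation (which route tables need a default route created or replaced). It works on constructed data shaped like the boto3 `describe_subnets()` and `describe_route_tables()` responses; the tag pair `Tier:web`, the VPC, subnet, route-table, IGW and NAT gateway ids are all made-up stand-ins for the <web_tier_tag>:<web_tier_tag_value> placeholders and your own resource ids. It also handles two cases the one-sentence rule glosses over: a subnet with no explicit association inherits the VPC's main route table, and a 0.0.0.0/0 route that points at a NAT gateway (or is in a blackhole state) is not an IGW route.

```python
"""Audit web-tier ELB subnets for a default route to an Internet Gateway (added example)."""
from typing import Optional

# Assumption: "Tier"/"web" stand in for <web_tier_tag>:<web_tier_tag_value>.
WEB_TIER_TAG = "Tier"
WEB_TIER_TAG_VALUE = "web"

# Constructed sample data shaped like boto3 ec2.describe_subnets()["Subnets"].
SAMPLE_SUBNETS = [
    {"SubnetId": "subnet-0aaa", "VpcId": "vpc-0123", "Tags": [{"Key": "Tier", "Value": "web"}]},
    {"SubnetId": "subnet-0bbb", "VpcId": "vpc-0123", "Tags": [{"Key": "Tier", "Value": "web"}]},
    {"SubnetId": "subnet-0ccc", "VpcId": "vpc-0123", "Tags": [{"Key": "Tier", "Value": "web"}]},
    {"SubnetId": "subnet-0ddd", "VpcId": "vpc-0123", "Tags": [{"Key": "Tier", "Value": "app"}]},
]

# Constructed sample data shaped like boto3 ec2.describe_route_tables()["RouteTables"].
SAMPLE_ROUTE_TABLES = [
    {   # explicit association, active 0.0.0.0/0 route to an IGW -> compliant
        "RouteTableId": "rtb-public", "VpcId": "vpc-0123",
        "Associations": [{"SubnetId": "subnet-0aaa", "Main": False}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc", "State": "active"},
        ],
    },
    {   # default route targets a NAT gateway, not an IGW -> non-compliant
        "RouteTableId": "rtb-private", "VpcId": "vpc-0123",
        "Associations": [{"SubnetId": "subnet-0bbb", "Main": False}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0def", "State": "active"},
        ],
    },
    {   # main table with no default route; subnet-0ccc has no explicit association and inherits it
        "RouteTableId": "rtb-main", "VpcId": "vpc-0123",
        "Associations": [{"Main": True}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        ],
    },
]


def has_tag(resource: dict, key: str, value: str) -> bool:
    """True if the resource carries the given tag key/value pair."""
    return any(t.get("Key") == key and t.get("Value") == value for t in resource.get("Tags", []))


def route_table_for_subnet(subnet: dict, route_tables: list) -> Optional[dict]:
    """An explicit subnet association wins; otherwise the VPC's main route table applies."""
    for rt in route_tables:
        if any(a.get("SubnetId") == subnet["SubnetId"] for a in rt["Associations"]):
            return rt
    for rt in route_tables:
        if rt["VpcId"] == subnet["VpcId"] and any(a.get("Main") for a in rt["Associations"]):
            return rt
    return None


def default_igw_route(route_table: dict) -> Optional[str]:
    """Return the IGW id if an active 0.0.0.0/0 route targets an Internet Gateway, else None."""
    for r in route_table["Routes"]:
        if (r.get("DestinationCidrBlock") == "0.0.0.0/0"
                and r.get("State") == "active"
                and str(r.get("GatewayId", "")).startswith("igw-")):
            return r["GatewayId"]
    return None


def audit(subnets: list, route_tables: list,
          tag: str = WEB_TIER_TAG, value: str = WEB_TIER_TAG_VALUE) -> dict:
    """Map each web-tier subnet id to (effective route table id, IGW id or None)."""
    findings = {}
    for s in subnets:
        if not has_tag(s, tag, value):
            continue
        rt = route_table_for_subnet(s, route_tables)
        findings[s["SubnetId"]] = (
            rt["RouteTableId"] if rt else None,
            default_igw_route(rt) if rt else None,
        )
    return findings


def remediation(findings: dict, route_tables: list, igw_id: str) -> list:
    """Build parameter sets for ec2.create_route / ec2.replace_route (not executed here)."""
    by_id = {rt["RouteTableId"]: rt for rt in route_tables}
    plans, seen = [], set()
    for rtb, igw in findings.values():
        if igw is not None or rtb is None or rtb in seen:
            continue
        seen.add(rtb)
        # A 0.0.0.0/0 route to another target already exists: create_route would fail, so replace it.
        existing = any(r.get("DestinationCidrBlock") == "0.0.0.0/0" for r in by_id[rtb]["Routes"])
        plans.append({"Action": "replace_route" if existing else "create_route",
                      "RouteTableId": rtb, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": igw_id})
    return plans


if __name__ == "__main__":
    result = audit(SAMPLE_SUBNETS, SAMPLE_ROUTE_TABLES)
    for subnet_id, (rtb, igw) in result.items():
        print(subnet_id, rtb, "OK via " + igw if igw else "NON-COMPLIANT")
    for plan in remediation(result, SAMPLE_ROUTE_TABLES, "igw-0abc"):
        print(plan)
```

Against a live account the same functions accept `ec2.describe_subnets()["Subnets"]` and `ec2.describe_route_tables()["RouteTables"]` from a boto3 EC2 client, and each plan dictionary (minus the `Action` key) is the keyword-argument set for the corresponding `create_route` or `replace_route` call. Treat a `replace_route` plan as a signal to investigate first: a default route to a NAT gateway means the subnet was built as a private subnet, and the right fix may be moving the load balancer into a public subnet rather than exposing that subnet.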
- AWS Documentation
- What Is Elastic Load Balancing?
- VPCs and Subnets
- Route Tables
- Add or Remove Subnets for Your Classic Load Balancer in a VPC
- CIS Amazon Web Services Foundations
Check web-tier ELB subnet connectivity to Internet Gateway
Risk level: Medium