CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Each rule is associated with a high-level category. For example IAM, Container, Monitoring, Logging, Network, etc.
Is your environment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-CC-00151
- creditSnyk Research Team
Description
VPC Flow Logs provide visibility into network traffic that traverses the AWS VPC. Users can use the flow logs to detect anomalous traffic or insight during security workflows.
How to fix?
Reference the aws_vpc in an aws_flog_log vpc_id field.
Example configuration:
resource "aws_vpc" "valid_vpc" {
# other required fields here
}
resource "aws_flow_log" "test_flow_log" {
vpc_id = "${aws_vpc.valid_vpc.id}"
# other required fields here
}
Reference the AWS::EC2::Vpc in an AWS::EC2::FlowLog ResourceId field.
Example configuration:
JSON example configuration:
{
"ValidVpc": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "10.0.0.0/16"
# other required fields here
}
},
"ValidVpcFlowLog": {
"Type": "AWS::EC2::FlowLog",
"Properties": {
"ResourceId": { "Ref": "ValidVpc" }
# other required fields here
}
}
}
YAML example configuration:
ValidVpc:
Type: AWS::EC2::VPC
Properties:
CidrBlock: '10.0.0.0/16'
# other required fields here
ValidVpcFlowLog:
Type: AWS::EC2::FlowLog
Properties:
ResourceId: !Ref ValidVpc
# other required fields here