Profile Applicability:
- Level 1
Description:
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network you define. It enables better control over networking, including IP address ranges, subnets, route tables, and gateways.
Rationale:
By creating and using a custom VPC, you gain full control over your virtual networking environment. This improves the security posture of your workloads by enabling you to define security groups, network ACLs, and route traffic through NAT gateways, VPNs, or Direct Connect. It ensures database services are deployed in an isolated and secure manner.
Impact:
Pros:
Enhances network segmentation and access control.
Ensures logical isolation of workloads.
Enables tighter integration with on-premises infrastructure (e.g., via VPN or Direct Connect).
Cons:
Requires manual setup and management of networking components.
Misconfiguration may lead to restricted access or network failures.
Default Value:
AWS creates a default VPC in each region, but this default may not be configured for best security practices (e.g., public subnets and open security groups). No custom VPCs are created automatically.
Pre-requisites:
AWS IAM permissions:
ec2:DescribeVpcs
ec2:CreateVpc
ec2:DeleteVpc
CIDR block definition for the new VPC.
Remediation
Test Plan
Using AWS Console:
Sign in to the AWS Management Console.
Navigate to VPC > Your VPCs.
Confirm the presence of at least one non-default (custom) VPC.
Using AWS CLI:
aws ec2 describe-vpcs --query "Vpcs[?IsDefault==\`false\`].{ID:VpcId,CIDR:CidrBlock}"
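The same audit as the CLI query above, carried across several regions and reporting PASS/FAIL per region, as an added example that is not part of the original recommendation. The responses are constructed sample data in the shape of describe-vpcs output; in live use each one would come from boto3's ec2.describe_vpcs() for that region. It additionally filters on State, which the page's query does not.

```python
import json

# Constructed sample describe-vpcs responses for two regions (not real
# account data): us-east-1 has a default and a custom VPC, eu-west-1 has
# only the default VPC that AWS creates automatically.
SAMPLE_RESPONSES = {
    "us-east-1": {"Vpcs": [
        {"VpcId": "vpc-0default000000001", "CidrBlock": "172.31.0.0/16",
         "IsDefault": True, "State": "available"},
        {"VpcId": "vpc-0custom0000000001", "CidrBlock": "10.0.0.0/16",
         "IsDefault": False, "State": "available"},
    ]},
    "eu-west-1": {"Vpcs": [
        {"VpcId": "vpc-0default000000002", "CidrBlock": "172.31.0.0/16",
         "IsDefault": True, "State": "available"},
    ]},
}


def custom_vpcs(response):
    """Equivalent of the JMESPath filter Vpcs[?IsDefault==`false`]: return
    non-default VPCs as {ID, CIDR} dicts. Added check: only VPCs in state
    'available' count, since a 'pending' VPC cannot host workloads yet."""
    return [
        {"ID": v["VpcId"], "CIDR": v["CidrBlock"]}
        for v in response.get("Vpcs", [])
        if not v.get("IsDefault", False) and v.get("State") == "available"
    ]


def audit_regions(responses):
    """Per region: PASS if at least one custom VPC exists, else FAIL.
    Default VPC IDs are listed so the reviewer sees what the account
    still relies on in regions that fail."""
    findings = {}
    for region, response in responses.items():
        custom = custom_vpcs(response)
        defaults = [v["VpcId"] for v in response.get("Vpcs", [])
                    if v.get("IsDefault")]
        findings[region] = {"status": "PASS" if custom else "FAIL",
                            "custom_vpcs": custom, "default_vpcs": defaults}
    return findings


if __name__ == "__main__":
    # Live use: responses[r] = boto3.client("ec2", region_name=r).describe_vpcs()
    print(json.dumps(audit_regions(SAMPLE_RESPONSES), indent=2))
```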
Implementation Plan
Using AWS Console:
Navigate to VPC service in the AWS Console.
Click Create VPC.
Choose VPC only option.
Enter a name and CIDR block.
Choose tenancy (default or dedicated).
Click Create VPC.
Using AWS CLI:
Create the VPC:
aws ec2 create-vpc --cidr-block 10.0.0.0/16
Enable DNS support and hostnames (optional):
aws ec2 modify-vpc-attribute --vpc-id <vpc-id> --enable-dns-support "{\"Value\":true}"
aws ec2 modify-vpc-attribute --vpc-id <vpc-id> --enable-dns-hostnames "{\"Value\":true}"
Backout Plan
Using AWS Console:
Navigate to VPC > Your VPCs.
Select the VPC created manually.
Click Actions > Delete VPC.
Using AWS CLI:
aws ec2 delete-vpc --vpc-id <vpc-id>