aws-vpc-endpoint-auto-accept
Ensure that VPC Endpoint Service is configured for Manual Acceptance
By enforcing manual acceptance, the service owner must explicitly approve each connection request before a consumer can reach the service from its VPC. With auto-acceptance, unauthorized consumers may gain access to the sensitive resources exposed by the endpoint service inside your VPC.
Examples
Insecure Example
resource "aws_vpc_endpoint_service" "example" {
  acceptance_required        = false
  network_load_balancer_arns = [aws_lb.example.arn]
}
{
  "Type" : "AWS::EC2::VPCEndpointService",
  "Properties" : {
    "AcceptanceRequired" : false
  }
}
Secure Example
resource "aws_vpc_endpoint_service" "example" {
  acceptance_required        = true
  network_load_balancer_arns = [aws_lb.example.arn]
}
{
  "Type" : "AWS::EC2::VPCEndpointService",
  "Properties" : {
    "AcceptanceRequired" : true
  }
}
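A small checker for the CloudFormation form of this rule, added here as an illustration and not part of the rule's own implementation. It walks a template's Resources, flags every AWS::EC2::VPCEndpointService whose AcceptanceRequired is false, and (an assumption of this example, chosen to be conservative) also flags services that omit the property, since the acceptance behaviour then rests on a default rather than an explicit decision; the sample template is constructed for the demonstration.

```python
import json

VPC_ENDPOINT_SERVICE_TYPE = "AWS::EC2::VPCEndpointService"


def _is_false(value) -> bool:
    # CloudFormation booleans may appear as JSON false or as the string "false".
    return value is False or (isinstance(value, str) and value.strip().lower() == "false")


def find_auto_accept_endpoint_services(template: dict) -> dict[str, str]:
    """Map each offending logical ID to the reason it was flagged.

    Flags AcceptanceRequired == false (auto-accept) and also a missing property,
    because then the behaviour rests on a default rather than on an explicit
    decision by the service owner (conservative choice made by this example).
    """
    findings = {}
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != VPC_ENDPOINT_SERVICE_TYPE:
            continue
        props = resource.get("Properties") or {}
        if "AcceptanceRequired" not in props:
            findings[logical_id] = "AcceptanceRequired not set"
        elif _is_false(props["AcceptanceRequired"]):
            findings[logical_id] = "AcceptanceRequired is false (auto-accept)"
    return findings


# Constructed sample template (not from the original page): one auto-accepting
# service, one requiring manual acceptance, one omitting the property, and an
# unrelated resource that must be ignored.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "AutoAcceptService": {"Type": "AWS::EC2::VPCEndpointService",
                          "Properties": {"AcceptanceRequired": false}},
    "ManualService": {"Type": "AWS::EC2::VPCEndpointService",
                      "Properties": {"AcceptanceRequired": "true"}},
    "UnspecifiedService": {"Type": "AWS::EC2::VPCEndpointService", "Properties": {}},
    "Bucket": {"Type": "AWS::S3::Bucket"}
  }
}
""")

if __name__ == "__main__":
    for logical_id, reason in find_auto_accept_endpoint_services(SAMPLE_TEMPLATE).items():
        print(f"{logical_id}: {reason}")
```

Running it against the sample reports AutoAcceptService and UnspecifiedService and stays silent on ManualService and the S3 bucket.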