aws-vpc-endpoint-auto-accept

Ensure that VPC Endpoint Service is configured for Manual Acceptance

By enforcing manual acceptance, the service owner must explicitly approve each connection request before a consumer VPC can reach the service. With auto-acceptance (acceptance_required = false), any principal on the service's allowed-principals list is connected immediately, so an over-broad or mistaken allow-list entry exposes the resources behind the endpoint with no further review. Manual acceptance adds a second, human-controlled gate on top of that list.

Examples

Insecure Example

resource "aws_vpc_endpoint_service" "example" {
    acceptance_required        = false
    network_load_balancer_arns = [aws_lb.example.arn]
}

{
  "Type" : "AWS::EC2::VPCEndpointService",
  "Properties" : {
      "AcceptanceRequired" : false
  }
}

Secure Example

resource "aws_vpc_endpoint_service" "example" {
    acceptance_required        = true
    network_load_balancer_arns = [aws_lb.example.arn]
}

{
  "Type" : "AWS::EC2::VPCEndpointService",
  "Properties" : {
      "AcceptanceRequired" : true
  }
}
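The examples above show the setting in isolation. The following script is an added example, not part of the original page or of any scanner's own code: it walks a `terraform show -json` plan (including child modules) and a CloudFormation template and reports every VPC endpoint service whose acceptance setting is not literally true. The sample plan and template are constructed inline to mirror the insecure and secure snippets above; the function names, the decision to flag a CloudFormation resource that omits AcceptanceRequired (so the template relies on a default instead of pinning it), and the string-to-bool normalisation are this example's own assumptions.

```python
"""Flag VPC endpoint services that auto-accept consumer connections.

Added example: scans Terraform plan JSON and CloudFormation JSON for
aws_vpc_endpoint_service / AWS::EC2::VPCEndpointService resources whose
acceptance setting is anything other than an explicit true.
"""
import json

TF_TYPE = "aws_vpc_endpoint_service"
CFN_TYPE = "AWS::EC2::VPCEndpointService"


def _is_true(value):
    """CloudFormation JSON accepts true or the string "true"; Terraform
    plan JSON emits a real boolean. Anything else (false, missing,
    unknown-at-plan-time) is treated as not requiring acceptance."""
    return value is True or (isinstance(value, str) and value.lower() == "true")


def _tf_resources(module):
    """Yield every resource in a `terraform show -json` module tree."""
    for res in module.get("resources", []):
        yield res
    for child in module.get("child_modules", []):
        yield from _tf_resources(child)


def check_terraform_plan(plan):
    """Return addresses of aws_vpc_endpoint_service resources in a parsed
    `terraform show -json` plan that do not require manual acceptance."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return [
        res["address"]
        for res in _tf_resources(root)
        if res.get("type") == TF_TYPE
        and not _is_true(res.get("values", {}).get("acceptance_required"))
    ]


def check_cloudformation(template):
    """Return logical IDs of AWS::EC2::VPCEndpointService resources whose
    AcceptanceRequired is not true. A missing property is reported as well
    (assumption: an unpinned default is a finding, not a pass)."""
    return [
        logical_id
        for logical_id, res in template.get("Resources", {}).items()
        if res.get("Type") == CFN_TYPE
        and not _is_true(res.get("Properties", {}).get("AcceptanceRequired"))
    ]


def scan_file(path):
    """Load a JSON file and dispatch on its shape: plan JSON carries
    `planned_values`, a CloudFormation template carries `Resources`."""
    with open(path, encoding="utf-8") as fh:
        doc = json.load(fh)
    if "planned_values" in doc:
        return check_terraform_plan(doc)
    return check_cloudformation(doc)


# Constructed sample inputs (not captured from a real account).
SAMPLE_PLAN = {
    "planned_values": {"root_module": {
        "resources": [
            {"address": "aws_vpc_endpoint_service.insecure", "type": TF_TYPE,
             "name": "insecure", "values": {"acceptance_required": False}},
            {"address": "aws_vpc_endpoint_service.secure", "type": TF_TYPE,
             "name": "secure", "values": {"acceptance_required": True}},
        ],
        "child_modules": [{"address": "module.svc", "resources": [
            {"address": "module.svc.aws_vpc_endpoint_service.nested",
             "type": TF_TYPE, "name": "nested",
             "values": {"acceptance_required": False}},
        ]}],
    }}
}

SAMPLE_TEMPLATE = {
    "Resources": {
        "InsecureService": {"Type": CFN_TYPE,
                            "Properties": {"AcceptanceRequired": False}},
        "SecureService": {"Type": CFN_TYPE,
                          "Properties": {"AcceptanceRequired": True}},
        "UnpinnedService": {"Type": CFN_TYPE, "Properties": {}},
        "Bucket": {"Type": "AWS::S3::Bucket"},
    }
}

if __name__ == "__main__":
    print("terraform:", check_terraform_plan(SAMPLE_PLAN))
    print("cloudformation:", check_cloudformation(SAMPLE_TEMPLATE))
```

Run it against real input with `terraform show -json tfplan > plan.json` and `scan_file("plan.json")`. For services that already exist, the same attribute is visible in the output of `aws ec2 describe-vpc-endpoint-service-configurations` as `AcceptanceRequired`, which lets you audit deployed services the same way.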

More information