The Amazon VPC security scan on Vectrix detects a variety of VPC security issues in a connected AWS account that could be leaving you vulnerable or non-compliant. This includes unrestricted endpoints, insecure network ACLs, unused gateways, and other security issues.
Scan on-demand to detect active VPC security issues that you have.
Monitor continuously to get alerted about new VPC security issues in the future.
Don't know how Amazon VPC works? Read more below.
What this scan detects
VPC endpoints without a resource policy
VPC endpoints with no endpoint policy attached are a problem because AWS then applies a default policy that grants every principal full access to the service through the endpoint. That can allow unauthorized access to, and activity against, resources in your AWS account from anything that can reach the endpoint. Attach a policy that limits the principals, actions, and resources the endpoint may be used for.
Network ACLs with open ingress/egress rules
Network ACLs (Access Control Lists) with allow rules whose source or destination is any address (0.0.0.0/0 or ::/0), particularly on all protocols and ports, let unauthorized inbound traffic reach your subnets and unauthorized outbound traffic leave them, which an attacker can use to reach exposed services or exfiltrate data. Network ACLs are stateless and sit at the subnet level in front of security groups, so an open rule does not by itself expose an instance with a tight security group, but it removes a defence layer and should be narrowed to the addresses, protocols, and ports that are actually required.
Disabled VPC flow logs
If VPC flow logs are not enabled, the metadata of IP traffic passing through your VPC is not recorded, leaving you blind to unauthorized activity at the network layer of your AWS account and without evidence to reconstruct what happened during an incident. Enabling flow logs at the VPC level (rather than only on individual subnets or network interfaces) gives complete coverage of the VPC.
Insecure VPC peering connections
VPC peering connections become insecure when the route table entries that send traffic over them use overly permissive CIDR ranges (for example a whole /8, or 0.0.0.0/0, instead of the peer VPC's own CIDR blocks). Such routes expose a wider range of addresses than is actually necessary and give an attacker who compromises one VPC more room for unauthorized network movement across the peering. Routes over a peering connection should cover only the peer subnets that need to be reached.
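The following is an added example, not Vectrix's scanner or AWS code, showing how the four checks described above can be implemented offline. It runs over constructed sample data whose field names mirror the shapes returned by boto3's `describe_vpc_endpoints`, `describe_network_acls`, `describe_flow_logs`, `describe_vpc_peering_connections`, and `describe_route_tables`; all resource IDs (`vpce-0aaa`, `acl-0aaa`, `pcx-0aaa`, and so on) are hypothetical. In a real scan you would replace `SAMPLE` with the paginated results of those API calls.

```python
# Added example (not Vectrix code): offline versions of the four VPC checks above,
# run over constructed boto3-style describe_* responses with hypothetical IDs.
import ipaddress
import json

ANY = {"0.0.0.0/0", "::/0"}


def _is_wildcard(value):
    """True if an IAM policy field ('*' or {'AWS': '*'}) grants everyone/everything."""
    if isinstance(value, dict):
        value = value.get("AWS", "")
    return value == "*" or (isinstance(value, list) and "*" in value)


def endpoints_with_full_access(endpoints):
    """Endpoints whose policy, or lack of one, allows any principal any action.
    AWS applies a full-access default when no policy is attached, so a missing
    PolicyDocument is reported as a finding too."""
    out = []
    for ep in endpoints:
        doc = ep.get("PolicyDocument")
        if not doc:
            out.append((ep["VpcEndpointId"], "no policy attached (default allows full access)"))
            continue
        policy = json.loads(doc) if isinstance(doc, str) else doc
        for st in policy.get("Statement", []):
            if st.get("Effect") == "Allow" and all(
                _is_wildcard(st.get(k, "")) for k in ("Principal", "Action", "Resource")
            ):
                out.append((ep["VpcEndpointId"], "policy allows Principal * / Action * / Resource *"))
                break
    return out


def open_nacl_rules(nacls):
    """Allow rules matching any source/destination address. All-protocol rules are the
    worst case; port-limited ones are still reported, with their range, for review."""
    out = []
    for acl in nacls:
        for e in acl["Entries"]:
            cidr = e.get("CidrBlock") or e.get("Ipv6CidrBlock")
            if e["RuleAction"] != "allow" or cidr not in ANY:
                continue  # deny rules (incl. the implicit 32767) and scoped sources are fine
            direction = "egress" if e["Egress"] else "ingress"
            if e["Protocol"] == "-1":
                detail = "all protocols, all ports"
            else:
                pr = e.get("PortRange", {})
                detail = f"protocol {e['Protocol']} ports {pr.get('From')}-{pr.get('To')}"
            out.append((acl["NetworkAclId"], direction, e["RuleNumber"], f"{cidr}: {detail}"))
    return out


def vpcs_without_flow_logs(vpcs, flow_logs):
    """VPCs with no ACTIVE VPC-level flow log (subnet/ENI logs give partial coverage only)."""
    covered = {fl["ResourceId"] for fl in flow_logs if fl.get("FlowLogStatus") == "ACTIVE"}
    return [v["VpcId"] for v in vpcs if v["VpcId"] not in covered]


def overly_broad_peering_routes(route_tables, peerings):
    """Routes via a peering connection whose destination is wider than the peer VPC's CIDRs."""
    sides = {p["VpcPeeringConnectionId"]: (p["RequesterVpcInfo"], p["AccepterVpcInfo"]) for p in peerings}
    out = []
    for rt in route_tables:
        for r in rt["Routes"]:
            pcx = r.get("VpcPeeringConnectionId")
            dest_str = r.get("DestinationCidrBlock") or r.get("DestinationIpv6CidrBlock")
            if not pcx or pcx not in sides or not dest_str:
                continue
            dest = ipaddress.ip_network(dest_str)
            peer = next(s for s in sides[pcx] if s["VpcId"] != rt["VpcId"])  # the other side
            peer_nets = [ipaddress.ip_network(c["CidrBlock"]) for c in peer.get("CidrBlockSet", [])]
            if not any(n.version == dest.version and dest.subnet_of(n) for n in peer_nets):
                out.append((rt["RouteTableId"], pcx, str(dest), [str(n) for n in peer_nets]))
    return out


# Constructed sample responses with hypothetical IDs (not from any real account).
SAMPLE = {
    "endpoints": [
        {"VpcEndpointId": "vpce-0aaa", "ServiceName": "com.amazonaws.us-east-1.s3"},  # no policy
        {"VpcEndpointId": "vpce-0bbb", "PolicyDocument": json.dumps({"Statement": [
            {"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}]})},
        {"VpcEndpointId": "vpce-0ccc", "PolicyDocument": json.dumps({"Statement": [
            {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
             "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})},
    ],
    "nacls": [{"NetworkAclId": "acl-0aaa", "Entries": [
        {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": False, "CidrBlock": "0.0.0.0/0"},
        {"RuleNumber": 110, "Protocol": "6", "RuleAction": "allow", "Egress": False, "CidrBlock": "0.0.0.0/0",
         "PortRange": {"From": 443, "To": 443}},
        {"RuleNumber": 120, "Protocol": "-1", "RuleAction": "allow", "Egress": True, "CidrBlock": "10.0.0.0/8"},
        {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": False, "CidrBlock": "0.0.0.0/0"},
    ]}],
    "vpcs": [{"VpcId": "vpc-0aaa"}, {"VpcId": "vpc-0bbb"}],
    "flow_logs": [{"FlowLogId": "fl-0aaa", "ResourceId": "vpc-0aaa", "FlowLogStatus": "ACTIVE"}],
    "peerings": [{"VpcPeeringConnectionId": "pcx-0aaa",
                  "RequesterVpcInfo": {"VpcId": "vpc-0aaa", "CidrBlockSet": [{"CidrBlock": "10.0.0.0/16"}]},
                  "AccepterVpcInfo": {"VpcId": "vpc-0bbb", "CidrBlockSet": [{"CidrBlock": "10.1.0.0/16"}]}}],
    "route_tables": [{"RouteTableId": "rtb-0aaa", "VpcId": "vpc-0aaa", "Routes": [
        {"DestinationCidrBlock": "10.1.0.0/16", "VpcPeeringConnectionId": "pcx-0aaa"},  # exactly the peer CIDR
        {"DestinationCidrBlock": "10.0.0.0/8", "VpcPeeringConnectionId": "pcx-0aaa"},   # wider than the peer
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0aaa"},                  # not a peering route
    ]}],
}


def scan(data=SAMPLE):
    """Run all four checks and return findings keyed by check name."""
    return {
        "endpoint_full_access": endpoints_with_full_access(data["endpoints"]),
        "open_nacl_rules": open_nacl_rules(data["nacls"]),
        "vpcs_without_flow_logs": vpcs_without_flow_logs(data["vpcs"], data["flow_logs"]),
        "broad_peering_routes": overly_broad_peering_routes(data["route_tables"], data["peerings"]),
    }


if __name__ == "__main__":
    for check, findings in scan().items():
        print(f"{check}: {len(findings)} finding(s)")
        for f in findings:
            print("   ", f)
```

On the sample data the script reports two endpoints (the one with no policy and the one with a wildcard policy, but not the one scoped to a single account and bucket), two open ingress NACL rules (the all-protocol rule and, for review, the port-443 rule), one VPC with no active flow log, and one peering route (10.0.0.0/8) that is wider than the peer's 10.1.0.0/16. The peering check deliberately compares the route against the peer's full `CidrBlockSet`, since a peer VPC with secondary CIDR blocks is the common reason a route ends up broader than a single block.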