Remediation

Remove and add route table entries to ensure that only the minimum required subnets or hosts are routable for the intended peering purpose.

From Command Line

  1. For each {{route_table_id}} containing routes that are not compliant with your routing policy (that grant more than the desired least access), delete the non-compliant route:

    aws ec2 delete-route --route-table-id {{route_table_id}} --destination-cidr-block {{non_compliant_destination_CIDR}}
  2. Create a new compliant route:

    aws ec2 create-route \
    --route-table-id {{route_table_id}} \
    --destination-cidr-block {{compliant_destination_CIDR}} \
    --vpc-peering-connection-id {{peering_connection_id}}
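The two steps above are usually run against a `describe-route-tables` listing that has already been checked against the routing policy. The following Python is an added example, not part of the benchmark text or of any AWS tooling: it takes `aws ec2 describe-route-tables` output (a constructed sample is embedded), compares each route that points at a VPC peering connection against an approved-destination policy (also constructed), and produces the `delete-route` and `create-route` argument lists that implement the steps above. A peering route is compliant only if its destination is equal to, or narrower than, an approved prefix for that connection; IPv6 routes are handled with the CLI's `--destination-ipv6-cidr-block` option. The route table, peering connection and gateway IDs are placeholders.

```python
import ipaddress
import json
import shlex

# Constructed sample, shaped like `aws ec2 describe-route-tables` output (only
# the fields used here). Every ID and CIDR is made up for this example.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "RouteTables": [{
        "RouteTableId": "rtb-0example1111",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            # Too broad: exposes the whole 172.16.0.0/12 range over the peering link.
            {"DestinationCidrBlock": "172.16.0.0/12",
             "VpcPeeringConnectionId": "pcx-0example2222", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example3333", "State": "active"},
        ],
    }]
})

# Routing policy (constructed): for each peering connection, the only
# destinations that should be reachable through it.
SAMPLE_POLICY = {"pcx-0example2222": ["172.16.5.0/24", "172.16.9.0/24"]}


def within_policy(cidr, approved_cidrs):
    """True if `cidr` equals, or is contained in, one approved prefix."""
    net = ipaddress.ip_network(cidr, strict=False)
    for approved in approved_cidrs:
        allowed = ipaddress.ip_network(approved, strict=False)
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        if net.version == allowed.version and net.subnet_of(allowed):
            return True
    return False


def _cidr_flag(cidr):
    """Pick the aws CLI destination option matching the address family."""
    if ipaddress.ip_network(cidr, strict=False).version == 6:
        return "--destination-ipv6-cidr-block"
    return "--destination-cidr-block"


def plan_remediation(describe_output_json, policy):
    """Return {'delete': [...], 'create': [...]} as aws CLI argument lists.

    Every peering route whose destination is broader than, or outside, the
    policy is deleted; approved destinations the table still lacks are then
    created, mirroring the delete-route / create-route steps above.
    """
    plan = {"delete": [], "create": []}
    for table in json.loads(describe_output_json)["RouteTables"]:
        rtb = table["RouteTableId"]
        peering_routes = [r for r in table.get("Routes", []) if r.get("VpcPeeringConnectionId")]
        present = {}  # pcx -> set of compliant destinations already routed
        for route in peering_routes:
            pcx = route["VpcPeeringConnectionId"]
            cidr = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
            if cidr is None:
                continue  # prefix-list routes are outside the scope of this check
            if within_policy(cidr, policy.get(pcx, [])):
                present.setdefault(pcx, set()).add(cidr)
            else:
                plan["delete"].append(["aws", "ec2", "delete-route",
                                       "--route-table-id", rtb, _cidr_flag(cidr), cidr])
        for pcx in sorted({r["VpcPeeringConnectionId"] for r in peering_routes}):
            for approved in policy.get(pcx, []):
                if approved not in present.get(pcx, set()):
                    plan["create"].append(["aws", "ec2", "create-route",
                                           "--route-table-id", rtb, _cidr_flag(approved), approved,
                                           "--vpc-peering-connection-id", pcx])
    return plan


if __name__ == "__main__":
    # Print the commands for review; nothing is executed against an account.
    for step in ("delete", "create"):
        for cmd in plan_remediation(SAMPLE_DESCRIBE_OUTPUT, SAMPLE_POLICY)[step]:
            print(shlex.join(cmd))
```

Feeding it real output (`aws ec2 describe-route-tables --output json`) and your own policy map gives a reviewable list of commands; run the deletes before the creates so the broad route never coexists with the narrow ones longer than necessary. Routes that do not reference a peering connection are left alone, since the control only concerns the peering purpose.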