💼 [EC2.10] Amazon EC2 should be configured to use VPC endpoints that are created for the Amazon EC2 service

• Contextual name: 💼 [EC2.10] Amazon EC2 should be configured to use VPC endpoints that are created for the Amazon EC2 service

• ID: /frameworks/aws-fsbp-v1.0.0/ec2/10

• Located in: 💼 Elastic Compute Cloud (EC2)

Description

To improve the security posture of your VPC, you can configure Amazon EC2 to use an interface VPC endpoint. Interface endpoints are powered by AWS PrivateLink, a technology that enables you to access Amazon EC2 API operations privately. It restricts all network traffic between your VPC and Amazon EC2 to the Amazon network. Because endpoints are supported within the same Region only, you cannot create an endpoint between a VPC and a service in a different Region. This prevents unintended Amazon EC2 API calls to other Regions.

Similar

• AWS Security Hub
  • https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-10
• Internal
  • ID: dec-c-1a7ff3b9

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST SP 800-53 Revision 5 → 💼 AC-3 Access Enforcement	15	5	37
💼 NIST SP 800-53 Revision 5 → 💼 AC-3(7) Access Enforcement _ Role-based Access Control			14
💼 NIST SP 800-53 Revision 5 → 💼 AC-4 Information Flow Enforcement	32	68	89
💼 NIST SP 800-53 Revision 5 → 💼 AC-4(21) Information Flow Enforcement _ Physical or Logical Separation of Information Flows		37	46
💼 NIST SP 800-53 Revision 5 → 💼 AC-6 Least Privilege	10	23	49
💼 NIST SP 800-53 Revision 5 → 💼 AC-21 Information Sharing	2		8
💼 NIST SP 800-53 Revision 5 → 💼 SC-7 Boundary Protection	29	4	50
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(3) Boundary Protection _ Access Points			8
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(4) Boundary Protection _ External Telecommunications Services			28
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(11) Boundary Protection _ Restrict Incoming Communications Traffic			22
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(16) Boundary Protection _ Prevent Discovery of System Components			23
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(20) Boundary Protection _ Dynamic Isolation and Segregation			8
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(21) Boundary Protection _ Isolation of System Components			22

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (1)

Policy	Logic Count	Flags
📝 AWS VPC is not configured with a VPC Endpoint for Amazon EC2 service 🟢	1	🟢 x6