
EC2 Transit Gateways should not automatically accept VPC attachment requests

Severity: High

Resource Types: AWS::EC2::TransitGateway

Description

This control checks whether an EC2 Transit Gateway automatically accepts shared VPC attachment requests, that is, whether its AutoAcceptSharedAttachments option is enabled. The control fails for a Transit Gateway that has this option enabled.

A Transit Gateway only receives cross-account attachment requests from accounts it has been shared with through AWS Resource Access Manager (RAM), but with AutoAcceptSharedAttachments enabled every such request is accepted the moment it is created, without anyone in the owning account reviewing which VPC is being attached or which account it comes from. Any VPC attached this way can then route to the networks the gateway connects. To keep attachment under explicit authorization, we recommend disabling this option so that each shared attachment request remains in the pendingAcceptance state until an authorized principal in the gateway-owning account accepts or rejects it.

Remediation

For information about how to modify a Transit Gateway, see Modify a transit gateway in the Amazon VPC Developer Guide.
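The following script is an added example for this control, not code from the original page or from AWS. It implements the check described above (flagging any Transit Gateway whose Options.AutoAcceptSharedAttachments is "enable") and the remediation (setting the option to "disable" through the EC2 ModifyTransitGateway API). The evaluation functions work on the shape of a DescribeTransitGateways response and run offline against a constructed sample; the live path assumes boto3 is installed and the caller has ec2:DescribeTransitGateways and ec2:ModifyTransitGateway. Skipping gateways in the deleting/deleted states, and treating a missing option as the AWS default "disable", are assumptions of this example.

```python
"""Check EC2 Transit Gateways for AutoAcceptSharedAttachments and optionally disable it.

Added example for this control; not part of the original page. The evaluation
logic works on the shape of the EC2 DescribeTransitGateways response. The live
scan/remediation path needs boto3 and credentials with ec2:DescribeTransitGateways
and ec2:ModifyTransitGateway, and is only used when run as a script.
"""
import argparse
from typing import Dict, List

# Constructed sample of a DescribeTransitGateways response; the IDs are made up.
SAMPLE_RESPONSE: Dict = {
    "TransitGateways": [
        {  # fails: auto-accept is on
            "TransitGatewayId": "tgw-0123456789abcdef0",
            "State": "available",
            "Options": {"AutoAcceptSharedAttachments": "enable"},
        },
        {  # passes: auto-accept is off
            "TransitGatewayId": "tgw-0fedcba9876543210",
            "State": "available",
            "Options": {"AutoAcceptSharedAttachments": "disable"},
        },
        {  # not evaluated: gateway is going away (assumption: skip deleting/deleted)
            "TransitGatewayId": "tgw-0deadbeef00000000",
            "State": "deleting",
            "Options": {"AutoAcceptSharedAttachments": "enable"},
        },
    ]
}

SKIPPED_STATES = {"deleted", "deleting"}


def evaluate(response: Dict) -> Dict[str, str]:
    """Map each evaluated Transit Gateway ID to 'PASS' or 'FAIL'.

    FAIL means Options.AutoAcceptSharedAttachments is "enable". A missing option is
    treated as "disable", the AWS default for a new Transit Gateway (assumption).
    """
    results: Dict[str, str] = {}
    for tgw in response.get("TransitGateways", []):
        if tgw.get("State") in SKIPPED_STATES:
            continue
        setting = tgw.get("Options", {}).get("AutoAcceptSharedAttachments", "disable")
        results[tgw["TransitGatewayId"]] = "FAIL" if setting == "enable" else "PASS"
    return results


def failing_ids(response: Dict) -> List[str]:
    """IDs of Transit Gateways that fail the control, in response order."""
    return [tgw_id for tgw_id, status in evaluate(response).items() if status == "FAIL"]


def remediation_params(tgw_id: str) -> Dict:
    """Keyword arguments for EC2 ModifyTransitGateway that turn auto-accept off.

    Existing attachments are left as they are; new shared attachment requests
    will wait in pendingAcceptance until explicitly accepted.
    """
    return {
        "TransitGatewayId": tgw_id,
        "Options": {"AutoAcceptSharedAttachments": "disable"},
    }


def scan_region(region: str, remediate: bool = False) -> List[str]:
    """Scan one region with boto3 and return failing IDs; disable auto-accept if asked."""
    import boto3  # imported here so the evaluation functions stay usable offline

    ec2 = boto3.client("ec2", region_name=region)
    gateways: List[Dict] = []
    for page in ec2.get_paginator("describe_transit_gateways").paginate():
        gateways.extend(page.get("TransitGateways", []))
    failing = failing_ids({"TransitGateways": gateways})
    if remediate:
        for tgw_id in failing:
            ec2.modify_transit_gateway(**remediation_params(tgw_id))
    return failing


def main() -> None:
    parser = argparse.ArgumentParser(description=__doc__)
    parser.add_argument("--region", default="us-east-1")
    parser.add_argument("--remediate", action="store_true",
                        help="disable AutoAcceptSharedAttachments on failing gateways")
    parser.add_argument("--sample", action="store_true",
                        help="evaluate the constructed sample instead of calling AWS")
    args = parser.parse_args()
    if args.sample:
        results = evaluate(SAMPLE_RESPONSE)
    else:
        results = {tgw_id: "FAIL" for tgw_id in scan_region(args.region, args.remediate)}
    for tgw_id, status in results.items():
        print(f"{tgw_id}\t{status}")


if __name__ == "__main__":
    main()
```

Run it with `--sample` to see the evaluation on the constructed data, with `--region <region>` to report on a real account, and add `--remediate` to apply the change. The same remediation can be done from the AWS CLI with `aws ec2 modify-transit-gateway --transit-gateway-id <tgw-id> --options AutoAcceptSharedAttachments=disable`. After disabling the option, any shared attachment requests that arrive sit in pendingAcceptance and must be accepted (or rejected) explicitly by the gateway owner, so plan that review step into the process that hands out RAM shares.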