AWS Config Rule: VPC Network ACL Unused
VPC_NETWORK_ACL_UNUSED_CHECK
Eduardo Van Cauteren
Last Update one year ago
Description: Checks if there are unused network access control lists (network ACLs). The rule is COMPLIANT if each network ACL is associated with a subnet. The rule is NON_COMPLIANT if a network ACL is not associated with a subnet.
Trigger type: Configuration changes
AWS Region: All supported AWS regions except Asia Pacific (Osaka) Region
How to Resolve Manually
This config rule checks whether each VPC Network ACL (NACL) is associated with at least one subnet. Any NACL found without an association to a subnet is flagged as non-compliant.
In the following picture, the NACLs marked in red are the ones AWS Config would tag as non-compliant:

To address this issue, access the VPC Management Console, and navigate to Network ACLs in the left-side menu. Next, click on the Associated with table header to sort and view the NACLs without any associations.
To ensure compliance, you must either delete all NACLs that are non-compliant or attach them to a subnet. If you wish to retain the Network ACL within your infrastructure, the latter option is recommended.
How to Resolve with StackZone
You can resolve this with StackZone by enabling an auto-remediation that will delete all NACLs not associated with a subnet.
To enable go to Provisioning > Baseline Services > Config Rules Regional > Network and enable the VPC Network ACL Unused Remediation.
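To see exactly what the rule evaluates and what the auto-remediation would act on, here is an added Python example (not StackZone's or AWS Config's own code) that applies the rule's logic to the JSON shape returned by `aws ec2 describe-network-acls`. The sample inventory and its NACL ids are constructed. It also separates out a VPC's default NACL, which cannot be deleted, so an unused default NACL has to be re-attached to a subnet rather than removed.

```python
"""Evaluate VPC network ACLs the way VPC_NETWORK_ACL_UNUSED_CHECK does.

Added example, not StackZone's or AWS's code. A NACL whose "Associations"
list is empty is NON_COMPLIANT; everything else is COMPLIANT.
"""

# Constructed sample in the shape of `describe-network-acls` output (ids made up).
SAMPLE_NETWORK_ACLS = [
    {"NetworkAclId": "acl-0aaa111", "VpcId": "vpc-0a1", "IsDefault": True,
     "Associations": [{"SubnetId": "subnet-0a1",
                       "NetworkAclAssociationId": "aclassoc-1"}]},
    {"NetworkAclId": "acl-0bbb222", "VpcId": "vpc-0a1", "IsDefault": False,
     "Associations": []},                 # custom NACL, no subnet -> unused
    {"NetworkAclId": "acl-0ccc333", "VpcId": "vpc-0b2", "IsDefault": True,
     "Associations": []},                 # default NACL, unused but not deletable
]


def evaluate_network_acls(acls):
    """Return {NetworkAclId: "COMPLIANT" | "NON_COMPLIANT"} for each NACL."""
    return {
        acl["NetworkAclId"]: "COMPLIANT" if acl.get("Associations") else "NON_COMPLIANT"
        for acl in acls
    }


def plan_remediation(acls):
    """Split NON_COMPLIANT NACLs into those a delete-based remediation can
    remove and those it cannot: a VPC's default NACL cannot be deleted, so it
    has to be re-attached to a subnet instead of removed."""
    findings = evaluate_network_acls(acls)
    deletable, default_unused = [], []
    for acl in acls:
        if findings[acl["NetworkAclId"]] == "NON_COMPLIANT":
            target = default_unused if acl.get("IsDefault") else deletable
            target.append(acl["NetworkAclId"])
    return {"delete": deletable, "default_unused": default_unused}


def fetch_live_network_acls(region_name):
    """Pull the real inventory with boto3 (needs AWS credentials; not used offline)."""
    import boto3
    ec2 = boto3.client("ec2", region_name=region_name)
    acls = []
    for page in ec2.get_paginator("describe_network_acls").paginate():
        acls.extend(page["NetworkAcls"])
    return acls


if __name__ == "__main__":
    for acl_id, status in evaluate_network_acls(SAMPLE_NETWORK_ACLS).items():
        print(f"{acl_id}: {status}")
    print(plan_remediation(SAMPLE_NETWORK_ACLS))
```

Replace `SAMPLE_NETWORK_ACLS` with `fetch_live_network_acls("eu-west-1")` to run the same evaluation against a real account before enabling the delete-based remediation.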