6.12 Ensure a route table for the private subnets is created

Information

A _route table_ contains a set of rules, called _routes_, that are used to determine where network traffic is directed.

Each subnet in your VPC must be associated with a route table; the table controls the routing for the subnet. A subnet can only be associated with one route table at a time, but you can associate multiple subnets with the same route table.
Once a route table for the private subnet is created, all the subnets which should be private in the Web, App and Data tiers can be associated with the route table.

The route table should only contain the default route (0.0.0.0/0) pointing to the NAT Gateway.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Using the Amazon unified command line interface:

* Create a route table for your private subnets, and note the RouteTableId in the output:

* aws ec2 create-route-table --vpc-id <application_vpc>



* Associate the new route table with the private subnets:

aws ec2 associate-route-table --route-table-id <route_table_id> --subnet-id <private_subnet1>
aws ec2 associate-route-table --route-table-id <route_table_id> --subnet-id <private_subnet2>

See Also

https://workbench.cisecurity.org/files/260

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(15)

Plugin: amazon_aws

Control ID: 6ed0577ff0f814322b84ed66894e8205b45b830bafd80c356473f8e6d1f6329c