6.13 Ensure Routing Table associated with Web tier ELB subnet have the default route (0.0.0.0/0) defined to allow connectivity

Information

A _route table_ contains a set of rules, called _routes_, that are used to determine where network traffic is directed.

Each subnet in your VPC must be associated with a route table; the table controls the routing for the subnet. A subnet can only be associated with one route table at a time, but you can associate multiple subnets with the same route table.
The default route (0.0.0.0/0) in that table should point to the VPC's Internet Gateway (IGW) so that the Web tier ELB has internet connectivity; a default route that is missing, or that targets something other than the IGW, leaves the ELB unreachable from the internet.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Using the Amazon unified command line interface:

* For each route table associated with a Web tier ELB subnet, if the default route (0.0.0.0/0) exists but its target is not the VPC's Internet Gateway (IGW), replace it:

aws ec2 replace-route --route-table-id <route_table_id> --destination-cidr-block 0.0.0.0/0 --gateway-id <vpc_igw>

* For each route table associated with a Web tier ELB subnet, if the default route (0.0.0.0/0) doesn't exist, create it:

aws ec2 create-route --route-table-id <route_table_id> --destination-cidr-block 0.0.0.0/0 --gateway-id <vpc_igw>
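The audit and remediation decision above, as an added example that is not part of the benchmark or of Nessus: it walks JSON shaped like the output of aws ec2 describe-route-tables, keeps only the tables associated with the Web tier ELB subnets, and reports for each one whether it passes or which of the two commands above fixes it. The route table, subnet and gateway IDs in the sample are constructed placeholders.

```python
import json

# Constructed sample shaped like `aws ec2 describe-route-tables --output json`;
# every route table, subnet and gateway ID here is made up for illustration.
SAMPLE = json.loads("""{"RouteTables": [
 {"RouteTableId": "rtb-aaa", "Associations": [{"SubnetId": "subnet-web-a"}],
  "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
             {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123abcd"}]},
 {"RouteTableId": "rtb-bbb", "Associations": [{"SubnetId": "subnet-web-b"}],
  "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
             {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0456efgh"}]},
 {"RouteTableId": "rtb-ccc", "Associations": [{"SubnetId": "subnet-web-c"}],
  "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
 {"RouteTableId": "rtb-ddd", "Associations": [{"SubnetId": "subnet-db-a"}],
  "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]}
]}""")

def default_route(table):
    """Return the 0.0.0.0/0 route of a route table, or None if there is none."""
    return next((r for r in table.get("Routes", [])
                 if r.get("DestinationCidrBlock") == "0.0.0.0/0"), None)

def assess(table, igw_id):
    """Check one route table against the control; return (status, fix-command)."""
    rtb, route = table["RouteTableId"], default_route(table)
    if route is None:  # no default route at all -> create-route
        return ("FAIL: no default route",
                f"aws ec2 create-route --route-table-id {rtb} "
                f"--destination-cidr-block 0.0.0.0/0 --gateway-id {igw_id}")
    if route.get("GatewayId", "").startswith("igw-"):
        return ("PASS", None)
    # default route exists but targets something else (NAT gateway, instance, ...)
    return ("FAIL: default route does not target the IGW",
            f"aws ec2 replace-route --route-table-id {rtb} "
            f"--destination-cidr-block 0.0.0.0/0 --gateway-id {igw_id}")

def audit(describe_output, web_subnet_ids, igw_id):
    """Audit only the route tables associated with Web tier ELB subnets."""
    wanted, results = set(web_subnet_ids), {}
    for table in describe_output["RouteTables"]:
        if wanted & {a.get("SubnetId") for a in table.get("Associations", [])}:
            results[table["RouteTableId"]] = assess(table, igw_id)
    return results

if __name__ == "__main__":
    web = ["subnet-web-a", "subnet-web-b", "subnet-web-c"]
    for rtb, (status, fix) in audit(SAMPLE, web, "igw-0123abcd").items():
        print(rtb, status, fix or "")
```

Against a real account, feed it the output of describe-route-tables and the subnet IDs the Web tier ELB is attached to; the table for the database subnet is ignored because the control only covers ELB subnets.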

See Also

https://workbench.cisecurity.org/files/260

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(15)

Plugin: amazon_aws

Control ID: 1d252ed15a7cbd4f09310f4fa6e4bac35eb10ff94cfcf60ffbc0d9a5ea978578