Medium

Ensure that the VPC Endpoint state is available

Availability
Description

The VPC Endpoint state is the status of an Amazon VPC endpoint, which allows communication between an Amazon VPC and other AWS services without going through the internet. An endpoint in the "available" state is functioning properly and ready for use.

Remediation

If a VPC endpoint is in a state other than "available", follow these remediation steps to ensure that the endpoint is available:

  1. Check if there are any issues with the VPC endpoint by viewing the state reason message. If there are issues, resolve them.
  2. Check if the VPC endpoint is associated with a security group. If it is not, associate the VPC endpoint with a security group that allows traffic from the resources that use the VPC endpoint.
  3. Check if the route tables associated with the VPC endpoint have a route to the endpoint. If they do not, add a route to the endpoint.
  4. Check if the VPC endpoint is in a subnet that is attached to a route table that has a route to the endpoint. If it is not, attach the subnet to a route table that has a route to the endpoint.
  5. Check if the VPC endpoint policy allows the required traffic from the resources that use the endpoint. If it does not, update the policy to allow the required traffic.

Once the above remediation steps are completed, the VPC endpoint state should change to "available".
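The checks in steps 1 to 5 can be run over the output of `aws ec2 describe-vpc-endpoints`. The following is an added example, not Lightlytics code: it assumes the input has the shape of the EC2 DescribeVpcEndpoints response, that security group and subnet checks apply to interface endpoints and route table checks to gateway endpoints, and it uses constructed sample data.

```python
import json

def policy_has_allow(policy_document):
    """True if the policy has an Allow statement; a missing policy is not flagged."""
    if not policy_document:
        return True
    try:
        statements = json.loads(policy_document).get("Statement", [])
        if isinstance(statements, dict):  # a single statement may be a bare object
            statements = [statements]
        return any(s.get("Effect") == "Allow" for s in statements)
    except (ValueError, AttributeError):  # unparsable or unexpected shape
        return False

def triage_endpoints(response):
    """Map endpoint id -> findings, for endpoints whose state is not 'available'."""
    report = {}
    for ep in response.get("VpcEndpoints", []):
        state = ep.get("State", "")
        if state.lower() == "available":
            continue
        findings = [f"state is '{state}'"]
        last_error = ep.get("LastError") or {}
        if last_error.get("Message"):                          # step 1
            findings.append(f"last error: {last_error['Message']}")
        kind = ep.get("VpcEndpointType", "")
        if kind == "Interface" and not ep.get("Groups"):       # step 2
            findings.append("no security group associated")
        if kind == "Gateway" and not ep.get("RouteTableIds"):  # step 3
            findings.append("no route table associated")
        if kind == "Interface" and not ep.get("SubnetIds"):    # step 4
            findings.append("no subnet associated")
        if not policy_has_allow(ep.get("PolicyDocument")):     # step 5
            findings.append("endpoint policy has no Allow statement")
        report[ep["VpcEndpointId"]] = findings
    return report

# Constructed sample data (IDs and error text are made up), not real output.
SAMPLE = {"VpcEndpoints": [
    {"VpcEndpointId": "vpce-0aaa", "VpcEndpointType": "Interface", "State": "available",
     "Groups": [{"GroupId": "sg-0111"}], "SubnetIds": ["subnet-0111"]},
    {"VpcEndpointId": "vpce-0bbb", "VpcEndpointType": "Interface", "State": "failed",
     "Groups": [], "SubnetIds": ["subnet-0222"],
     "LastError": {"Code": "ExampleCode", "Message": "constructed error text"}},
    {"VpcEndpointId": "vpce-0ccc", "VpcEndpointType": "Gateway", "State": "pending",
     "RouteTableIds": [], "PolicyDocument": json.dumps(
         {"Statement": [{"Effect": "Deny", "Principal": "*", "Action": "*", "Resource": "*"}]})},
]}

if __name__ == "__main__":
    for endpoint_id, findings in triage_endpoints(SAMPLE).items():
        print(endpoint_id, "->", "; ".join(findings))
```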

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.