Ensure that the Amazon VPC route table associated with the app-tier ELB subnets has a default route that points to an Internet Gateway (IGW), in order to provide internet connectivity for the app-tier load balancer. A route table contains a set of rules that determine where network traffic is directed. The route table associated with the ELB subnets should contain a default route (i.e. 0.0.0.0/0) that points to an Internet Gateway.
This conformity rule assumes that the subnets associated with the app-tier ELB are tagged with <app_tier_tag>:<app_tier_tag_value>, where <app_tier_tag> represents the tag name and <app_tier_tag_value> represents the tag value. Before the Cloud Conformity engine runs this rule, the app-tier tags must be defined in the rule settings, on your Cloud Conformity account dashboard.
To provide internet connectivity to your app-tier load balancer, the route table associated with the resource subnets should be configured to point to the Internet Gateway (IGW) created for the VPC.
Note: Ensure that you replace all <app_tier_tag>:<app_tier_tag_value> tag placeholders found in the conformity rule content with your own tag name and value created for the app tier.
To determine if the route table associated with your app-tier ELB subnets has the default route configured to allow connectivity to an Internet Gateway (IGW), perform the following actions:
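One way to script this check, as an added example that is not Cloud Conformity's own audit procedure: it evaluates data shaped like the output of `aws ec2 describe-subnets` and `aws ec2 describe-route-tables`, falls back to the VPC's main route table when a subnet has no explicit association, and treats a blackholed route as non-compliant. The tag `tier`:`app`, the resource IDs and the function names are assumptions made for the illustration.

```python
# Constructed sample data, shaped like the "Subnets" and "RouteTables" lists
# returned by `aws ec2 describe-subnets` / `aws ec2 describe-route-tables`.
SUBNETS = [
    {"SubnetId": "subnet-aaa", "VpcId": "vpc-1", "Tags": [{"Key": "tier", "Value": "app"}]},
    {"SubnetId": "subnet-bbb", "VpcId": "vpc-1", "Tags": [{"Key": "tier", "Value": "app"}]},
    {"SubnetId": "subnet-ccc", "VpcId": "vpc-1", "Tags": [{"Key": "tier", "Value": "data"}]},
]
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public", "VpcId": "vpc-1",
     "Associations": [{"Main": False, "SubnetId": "subnet-aaa"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"}]},
    {"RouteTableId": "rtb-main", "VpcId": "vpc-1",
     "Associations": [{"Main": True}],  # subnet-bbb has no explicit association, so it lands here
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example", "State": "active"}]},
]

def route_table_for(subnet, route_tables):
    """Explicit association wins; otherwise the subnet uses its VPC's main route table."""
    main = None
    for rt in (t for t in route_tables if t["VpcId"] == subnet["VpcId"]):
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet["SubnetId"]:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def has_default_igw_route(rt):
    # The 0.0.0.0/0 route must target an igw-* gateway and be active (not blackholed).
    return rt is not None and any(
        r.get("DestinationCidrBlock") == "0.0.0.0/0"
        and r.get("GatewayId", "").startswith("igw-")
        and r.get("State") == "active"
        for r in rt.get("Routes", []))

def audit(subnets, route_tables, tag_key, tag_value):
    """Return {subnet_id: (route_table_id, compliant)} for subnets carrying the app-tier tag."""
    results = {}
    for s in subnets:
        if {"Key": tag_key, "Value": tag_value} not in s.get("Tags", []):
            continue
        rt = route_table_for(s, route_tables)
        results[s["SubnetId"]] = (rt["RouteTableId"] if rt else None, has_default_igw_route(rt))
    return results

if __name__ == "__main__":
    print(audit(SUBNETS, ROUTE_TABLES, "tier", "app"))
```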
Remediation / Resolution
To create the required route (i.e. 0.0.0.0/0) with an IGW configured as gateway for the route table associated with the app-tier ELB subnets, perform the following:
You are auditing:
Check app-tier ELB subnet connectivity to Internet Gateway
Risk level: Medium