Amazon EC2
      Back to home
      1. CNS Policies
      2. AWS Knowledge Base
      3. Amazon EC2

      Unused Virtual Private Gateway

      This plugin ensures that unused Virtual Private Gateways (VGWs) are removed

      Risk Level: Low

      Description

      This plugin ensures that unused Virtual Private Gateways (VGWs) are removed. Unused AWS VGWs can create unnecessary complexity for your infrastructure. They should be removed to follow best security practices.

      About the Service

      Amazon EC2: Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) Cloud. With the EC2 instance, you can launch as many virtual servers as you need, configure security and networking, and manage storage without worrying about the hardware needs of the process. Security Groups act as a firewall for an EC2 instance to control the incoming and outgoing traffic. You can read more about security groups here.

      Impact

      Unused Virtual Private Gateways (VGWs) can create complexities in the cloud infrastructure. Moreover, it can add to the service limit and prevent resources from launching. Therefore, it is recommended to remove unused VGWs.

      Steps to Reproduce

      Using AWS Console-

      1. Log In to your AWS Console.
      2. Open the VPC Management Console. You can use this link (https://console.aws.amazon.com/vpc) to navigate directly if already logged in. 
      3. Move to the Virtual Private Gateways in the VIRTUAL PRIVATE NETWORK (VPN) section from the left navigation pane.
      4. A list of VPGs in the region will appear. Scroll right to the State column. If the value is set to “detached”, the vulnerability exists.
      5. Repeat steps for all the VPGs you want to investigate.

      Steps for Remediation

      Remove the unused Virtual Private Gateways (VGWs):

      1. Log In to your AWS Console.
      2. Open the VPC Management Console. You can use this link (https://console.aws.amazon.com/vpc) to navigate directly if already logged in. 
      3. Move to the Virtual Private Gateways in the VIRTUAL PRIVATE NETWORK (VPN) section from the left navigation pane.
      4. A list of VPGs in the region will appear. Select the vulnerable Virtual Private Gateway by clicking on the radio button next to it.
      5. From the Actions menu, click on Delete Virtual Private Gateway.
      6. Repeat steps for all the vulnerable VPGs.