Network misconfigurations

Unused Network ACL

Risk Level

Informational (4)

Platform(s)

Description

A network access control list (ACL) operates as a firewall for regulating traffic in and out of one or more subnets in a virtual private cloud. A virtual private cloud (VPC) is a private virtual network in your AWS account, which is logically isolated from other virtual networks in the AWS cloud. A VPC subnet is a subdivision of the VPC network with its own range of IP addresses. A network ACL is an optional layer of protection for your VPC subnets. It was found that the network ACL {AwsEc2NetworkAcl} is not associated with any subnet, and is therefore unused.
Recommended Mitigation

It is recommended to delete any unused network ACL in order to follow AWS best practices. For more information please see https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html#DeleteNetworkACL
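The check behind this finding, and the cleanup it recommends, can be reproduced from the output of `aws ec2 describe-network-acls`. The script below is an added example and is not code from the original page or from AWS: it walks the `NetworkAcls` list, reports every custom network ACL whose `Associations` list is empty, and prints the matching `aws ec2 delete-network-acl` command for each. Default network ACLs are skipped because AWS does not let you delete them and they implicitly back any subnet without an explicit association. The embedded JSON is a constructed sample with made-up IDs; the field names match the real EC2 API response.

```python
import json
import sys

# Constructed sample shaped like `aws ec2 describe-network-acls --output json`.
# IDs are made up; field names are the real EC2 API names.
SAMPLE_DESCRIBE_OUTPUT = {
    "NetworkAcls": [
        {
            "NetworkAclId": "acl-0aaa111122223333a",
            "VpcId": "vpc-0123456789abcdef0",
            "IsDefault": True,
            "Associations": [
                {
                    "NetworkAclAssociationId": "aclassoc-0a1",
                    "NetworkAclId": "acl-0aaa111122223333a",
                    "SubnetId": "subnet-0a1",
                }
            ],
        },
        {
            # Custom ACL with no subnet: this is the finding described above.
            "NetworkAclId": "acl-0bbb111122223333b",
            "VpcId": "vpc-0123456789abcdef0",
            "IsDefault": False,
            "Associations": [],
        },
        {
            # Default ACL of a VPC with no subnets: unused, but not deletable.
            "NetworkAclId": "acl-0ccc111122223333c",
            "VpcId": "vpc-0fedcba9876543210",
            "IsDefault": True,
            "Associations": [],
        },
        {
            "NetworkAclId": "acl-0ddd111122223333d",
            "VpcId": "vpc-0fedcba9876543210",
            "IsDefault": False,
            "Associations": [
                {
                    "NetworkAclAssociationId": "aclassoc-0d1",
                    "NetworkAclId": "acl-0ddd111122223333d",
                    "SubnetId": "subnet-0d1",
                }
            ],
        },
    ]
}


def find_unused_nacls(describe_output):
    """Return the IDs of custom network ACLs that have no subnet association.

    Default ACLs are excluded: AWS does not allow deleting them, and they
    implicitly apply to every subnet that has no explicit association.
    """
    unused = []
    for acl in describe_output.get("NetworkAcls", []):
        if acl.get("IsDefault"):
            continue
        if not acl.get("Associations"):
            unused.append(acl["NetworkAclId"])
    return unused


def delete_commands(acl_ids):
    """Build the CLI command for each ACL, to be run after the list is reviewed."""
    return [f"aws ec2 delete-network-acl --network-acl-id {acl_id}" for acl_id in acl_ids]


def main():
    # Pass a file saved from `aws ec2 describe-network-acls --output json`
    # as the first argument; with no argument the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            data = json.load(fh)
    else:
        data = SAMPLE_DESCRIBE_OUTPUT
    for cmd in delete_commands(find_unused_nacls(data)):
        print(cmd)


if __name__ == "__main__":
    main()
```

Run against the sample, the script prints a single delete command for `acl-0bbb111122223333b`; the associated custom ACL and both default ACLs are left alone. Review the list before executing the commands, since an ACL with no association today may be one an automation pipeline is about to attach.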