fix(vpc_peering_routing_tables_with_least_privilege): check only peering routes (#2887)

2026-02-10 06:45:08 +00:00 · 2023-10-02 16:20:39 +02:00
parent 64f06b11b8
commit 40318b87bf
2 changed files with 5 additions and 2 deletions
--- a/prowler/providers/aws/services/vpc/vpc_peering_routing_tables_with_least_privilege/vpc_peering_routing_tables_with_least_privilege.metadata.json
+++ b/prowler/providers/aws/services/vpc/vpc_peering_routing_tables_with_least_privilege/vpc_peering_routing_tables_with_least_privilege.metadata.json
@@ -17,7 +17,7 @@
    "Code": {
      "CLI": "https://docs.bridgecrew.io/docs/networking_5#cli-command",
      "NativeIaC": "",
-      "Other": "",
+      "Other": "https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/VPC/vpc-peering-access.html#",
      "Terraform": ""
    },
    "Recommendation": {
--- a/prowler/providers/aws/services/vpc/vpc_service.py
+++ b/prowler/providers/aws/services/vpc/vpc_service.py
@@ -103,7 +103,10 @@ class VPC(AWSService):
                        if (
                            route["Origin"] != "CreateRouteTable"
                        ):  # avoid default route table
-                            if "DestinationCidrBlock" in route:
+                            if (
+                                "DestinationCidrBlock" in route
+                                and "VpcPeeringConnectionId" in route
+                            ):
                                destination_cidrs.append(route["DestinationCidrBlock"])
                    conn.route_tables.append(
                        Route(