From 40318b87bf1953f7aa57542cff722b26531ded08 Mon Sep 17 00:00:00 2001
From: Sergio Garcia <38561120+sergargar@users.noreply.github.com>
Date: Mon, 2 Oct 2023 16:20:39 +0200
Subject: [PATCH] fix(vpc_peering_routing_tables_with_least_privilege): check only peering routes (#2887)

---
 ...peering_routing_tables_with_least_privilege.metadata.json | 2 +-
 prowler/providers/aws/services/vpc/vpc_service.py | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/prowler/providers/aws/services/vpc/vpc_peering_routing_tables_with_least_privilege/vpc_peering_routing_tables_with_least_privilege.metadata.json b/prowler/providers/aws/services/vpc/vpc_peering_routing_tables_with_least_privilege/vpc_peering_routing_tables_with_least_privilege.metadata.json
index 6f7ec2d2..9266dad8 100644
--- a/prowler/providers/aws/services/vpc/vpc_peering_routing_tables_with_least_privilege/vpc_peering_routing_tables_with_least_privilege.metadata.json
+++ b/prowler/providers/aws/services/vpc/vpc_peering_routing_tables_with_least_privilege/vpc_peering_routing_tables_with_least_privilege.metadata.json
@@ -17,7 +17,7 @@
 "Code": {
 "CLI": "https://docs.bridgecrew.io/docs/networking_5#cli-command",
 "NativeIaC": "",
- "Other": "",
+ "Other": "https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/VPC/vpc-peering-access.html#",
 "Terraform": ""
 },
 "Recommendation": {
diff --git a/prowler/providers/aws/services/vpc/vpc_service.py b/prowler/providers/aws/services/vpc/vpc_service.py
index 819a8bde..e03554d5 100644
--- a/prowler/providers/aws/services/vpc/vpc_service.py
+++ b/prowler/providers/aws/services/vpc/vpc_service.py
@@ -103,7 +103,10 @@ class VPC(AWSService):
 if (
 route["Origin"] != "CreateRouteTable"
 ): # avoid default route table
- if "DestinationCidrBlock" in route:
+ if (
+ "DestinationCidrBlock" in route
+ and "VpcPeeringConnectionId" in route
+ ):
 destination_cidrs.append(route["DestinationCidrBlock"])
 conn.route_tables.append(
 Route(
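Review bot: The new condition in vpc_service.py still only records IPv4 peering routes, because it keys on `DestinationCidrBlock`; a peering route whose destination is an IPv6 block (`DestinationIpv6CidrBlock`, e.g. `::/0`) is silently skipped, so the least-privilege check would never see it. If the check is meant to cover IPv6 peering routes too, the added block could read `cidr = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")` / `if cidr and "VpcPeeringConnectionId" in route:` / `destination_cidrs.append(cidr)`; routes whose destination is a managed prefix list would presumably still need separate handling, which I would at least note in a comment. The unchanged context comment `# avoid default route table` is also misleading, since `Origin != "CreateRouteTable"` skips the implicit local route of each table rather than the VPC's main route table; `# skip the implicit local route that AWS adds to every route table` would be accurate. The enclosing loop and method begin and end outside this hunk.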