Unused Network Access Control Lists should be removed

ec2
This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Description

This check verifies if there are any unused network access control lists (ACLs).

It examines the configuration of the AWS::EC2::NetworkAcl resource and identifies the connections of the network ACL.

If the only connection is the VPC of the network ACL, the check fails.

If there are other connections listed, the check passes.

Remediation

Please refer to the Amazon VPC User Guide for guidance on removing an unused network ACL. Note that you cannot delete the default network ACL or an ACL that is linked to subnets.