AWS EC2 Transit Gateways should not automatically accept VPC attachment requests

Description

This check verifies whether EC2 transit gateways are set to automatically accept shared VPC attachments. The check fails if a transit gateway is configured to automatically accept attachment requests for shared VPCs.

Enabling the AutoAcceptSharedAttachments setting allows a transit gateway to automatically accept VPC attachment requests from other accounts without verification. To follow best practices for authorization and authentication, disable this setting so that only authorized attachment requests are accepted.

Remediation

For instructions on how to make changes to a transit gateway, refer to the Modify a transit gateway section in the Amazon VPC Developer Guide.
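
The following sketch is an added example, not part of the original rule or of AWS documentation. It evaluates output shaped like `aws ec2 describe-transit-gateways` and builds the AWS CLI command that disables the setting on each failing gateway; the gateway IDs, account ID and function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws ec2 describe-transit-gateways` output.
SAMPLE = json.loads("""
{"TransitGateways": [
  {"TransitGatewayId": "tgw-0aaaaaaaaaaaaaaa1", "State": "available", "OwnerId": "111111111111",
   "Options": {"AutoAcceptSharedAttachments": "enable"}},
  {"TransitGatewayId": "tgw-0bbbbbbbbbbbbbbb2", "State": "available", "OwnerId": "111111111111",
   "Options": {"AutoAcceptSharedAttachments": "disable"}},
  {"TransitGatewayId": "tgw-0ccccccccccccccc3", "State": "deleted", "OwnerId": "111111111111",
   "Options": {"AutoAcceptSharedAttachments": "enable"}},
  {"TransitGatewayId": "tgw-0ddddddddddddddd4", "State": "pending", "OwnerId": "111111111111"}
]}
""")

INACTIVE = {"deleting", "deleted"}  # gateways in these states no longer accept attachments

def evaluate(gateways):
    """Return {tgw_id: 'fail' | 'pass' | 'unknown'} for gateways that still exist."""
    results = {}
    for gw in gateways:
        if gw.get("State") in INACTIVE:
            continue
        setting = gw.get("Options", {}).get("AutoAcceptSharedAttachments")
        if setting == "enable":
            results[gw["TransitGatewayId"]] = "fail"
        elif setting == "disable":
            results[gw["TransitGatewayId"]] = "pass"
        else:
            results[gw["TransitGatewayId"]] = "unknown"  # field absent: review manually
    return results

def remediation_commands(results):
    """AWS CLI commands that turn auto-accept off on each failing gateway."""
    return [
        f"aws ec2 modify-transit-gateway --transit-gateway-id {tgw} "
        "--options AutoAcceptSharedAttachments=disable"
        for tgw, status in sorted(results.items()) if status == "fail"
    ]

if __name__ == "__main__":
    findings = evaluate(SAMPLE["TransitGateways"])
    for tgw, status in findings.items():
        print(tgw, status)
    print("\n".join(remediation_commands(findings)))
```

Once the setting is disabled, attachment requests from other accounts wait in the pendingAcceptance state until the gateway owner accepts them, for example with `aws ec2 accept-transit-gateway-vpc-attachment`.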