AWS EC2 Transit Gateways should not automatically accept VPC attachment requests


Description

This check verifies whether EC2 transit gateways are set to automatically accept shared VPC attachments. The check fails if a transit gateway is configured to automatically accept attachment requests for shared VPCs.

Enabling the AutoAcceptSharedAttachments setting allows a transit gateway to automatically accept VPC attachment requests from other accounts without verification. To adhere to best practices for authorization and authentication, it is advised to disable this feature so that only authorized attachment requests are accepted.

Remediation

For instructions on how to make changes to a transit gateway, refer to the Modify a transit gateway section in the Amazon VPC Developer Guide.
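
The check and the fix expressed with boto3, as an added example that is not part of the original page or the rule's own implementation. It reads the `Options.AutoAcceptSharedAttachments` field of the EC2 DescribeTransitGateways response; the sample response, its IDs, and the function names are constructed for illustration.

```python
# Constructed sample in the shape of an EC2 DescribeTransitGateways response;
# the gateway IDs are made up.
SAMPLE_RESPONSE = {"TransitGateways": [
    {"TransitGatewayId": "tgw-0aaaaaaaaaaaaaaa1", "State": "available",
     "Options": {"AutoAcceptSharedAttachments": "enable"}},
    {"TransitGatewayId": "tgw-0bbbbbbbbbbbbbbb2", "State": "available",
     "Options": {"AutoAcceptSharedAttachments": "disable"}},
    {"TransitGatewayId": "tgw-0ccccccccccccccc3", "State": "deleted",
     "Options": {"AutoAcceptSharedAttachments": "enable"}},
]}


def failing_gateways(response):
    """Return IDs of live transit gateways that auto-accept shared attachments."""
    failing = []
    for tgw in response.get("TransitGateways", []):
        if tgw.get("State") in ("deleting", "deleted"):
            continue  # gone or going away; nothing to remediate
        options = tgw.get("Options", {})
        if options.get("AutoAcceptSharedAttachments") == "enable":
            failing.append(tgw["TransitGatewayId"])
    return failing


def remediate(ec2, gateway_ids):
    """Disable auto-accept on each gateway; `ec2` is a boto3 EC2 client."""
    for tgw_id in gateway_ids:
        ec2.modify_transit_gateway(
            TransitGatewayId=tgw_id,
            Options={"AutoAcceptSharedAttachments": "disable"},
        )


def audit_account(region, fix=False):
    """Run the check against a live account (needs boto3 and credentials)."""
    import boto3  # imported lazily so the offline sample runs without it
    ec2 = boto3.client("ec2", region_name=region)
    failing = []
    for page in ec2.get_paginator("describe_transit_gateways").paginate():
        failing.extend(failing_gateways(page))
    if fix:
        remediate(ec2, failing)
    return failing


if __name__ == "__main__":
    print(failing_gateways(SAMPLE_RESPONSE))
```

Once the setting is disabled, attachment requests from other accounts wait in a pending state until the transit gateway owner explicitly accepts or rejects them.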