1 Antwort
- Neueste
- Die meisten Stimmen
- Die meisten Kommentare
0
You can Suppress those findings in Security Hub. Note though that an EC2 Interface Endpoint is for all EC2 API actions, which covers more than just EC2 instance actions - it includes VPC and VPN actions for example. So you might benefit from an EC2 Interface Endpoint anyway.
As you say, Interface Endpoints incur costs and they can mount up massively across a lot of VPCs and services. In that case you can share them across VPCs - see https://www.linkedin.com/pulse/how-share-interface-vpc-endpoints-across-aws-accounts-steve-kinsman . But if you do that, you'll still find you get the Security Hub finding in all accounts other than where the EC2 Interface Endpoint was created, so you'll still need to Suppress!
Relevanter Inhalt
- AWS OFFICIALAktualisiert vor 2 Jahren
- AWS OFFICIALAktualisiert vor 2 Jahren
- AWS OFFICIALAktualisiert vor einem Jahr
- AWS OFFICIALAktualisiert vor 2 Jahren
Thank you! I'll suppress the findings in Security Hub, but thanks also for the pointer to your article, which - whether I'll use it or not - provides some very good insight into some VPC intricacies, very helpful!
You can suppress or fully disable. If you suppress, you will still incur charges for the findings generated.