1 Respuesta
- Más nuevo
- Más votos
- Más comentarios
0
You can Suppress those findings in Security Hub. Note though that an EC2 Interface Endpoint is for all EC2 API actions, which covers more than just EC2 instance actions - it includes VPC and VPN actions for example. So you might benefit from an EC2 Interface Endpoint anyway.
As you say, Interface Endpoints incur costs and they can mount up massively across a lot of VPCs and services. In that case you can share them across VPCs - see https://www.linkedin.com/pulse/how-share-interface-vpc-endpoints-across-aws-accounts-steve-kinsman . But if you do that, you'll still find you get the Security Hub finding in all accounts other than where the EC2 Interface Endpoint was created, so you'll still need to Suppress!
Contenido relevante
- OFICIAL DE AWSActualizada hace 3 años
- OFICIAL DE AWSActualizada hace 3 años
- OFICIAL DE AWSActualizada hace un año
- OFICIAL DE AWSActualizada hace 3 años
Thank you! I'll suppress the findings in Security Hub, but thanks also for the pointer to your article, which - whether I'll use it or not - provides some very good insight into some VPC intricacies, very helpful!
You can suppress or fully disable. If you suppress, you will still incur charges for the findings generated.