1 réponse
- Le plus récent
- Le plus de votes
- La plupart des commentaires
0
You can Suppress those findings in Security Hub. Note though that an EC2 Interface Endpoint is for all EC2 API actions, which covers more than just EC2 instance actions - it includes VPC and VPN actions for example. So you might benefit from an EC2 Interface Endpoint anyway.
As you say, Interface Endpoints incur costs and they can mount up massively across a lot of VPCs and services. In that case you can share them across VPCs - see https://www.linkedin.com/pulse/how-share-interface-vpc-endpoints-across-aws-accounts-steve-kinsman . But if you do that, you'll still find you get the Security Hub finding in all accounts other than where the EC2 Interface Endpoint was created, so you'll still need to Suppress!
Contenus pertinents
- demandé il y a un an
- demandé il y a 7 mois
- demandé il y a un an
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 2 ans
Thank you! I'll suppress the findings in Security Hub, but thanks also for the pointer to your article, which - whether I'll use it or not - provides some very good insight into some VPC intricacies, very helpful!
You can suppress or fully disable. If you suppress, you will still incur charges for the findings generated.