Query: EC2 VPC Block Public Access settings should block internet gateway traffic

Description

This control checks whether Amazon EC2 VPC Block Public Access (BPA) settings are configured to block internet gateway traffic for all Amazon VPCs in the AWS account. The control fails if VPC BPA settings aren't configured to block internet gateway traffic. For the control to pass, the VPC BPA InternetGatewayBlockMode must be set to block-bidirectional or block-ingress. If the parameter vpcBpaInternetGatewayBlockMode is provided, the control passes only if the VPC BPA value for InternetGatewayBlockMode matches the parameter.

Query

Tables used in this query:

• aws_vpc_block_public_access_options

Controls using this query:

• 172 EC2 VPC Block Public Access settings should block internet gateway traffic
• EC2 VPC Block Public Access settings should block internet gateway traffic

SQL