Severity: Medium

Ensure Transit Gateway VPC associations and propagations are disabled

Description

Transit Gateway VPC associations and propagations allow VPCs attached to the same Transit Gateway to communicate with one another: an association places an attachment under a Transit Gateway route table, and a propagation advertises the VPC's routes into one. Left enabled where they are not needed, they widen the set of VPCs that can reach each other, increasing the risk of unauthorized access, and they make the network topology more complex. To keep the network secure and simple, it is recommended to disable Transit Gateway VPC associations and propagations when they are not required.

Remediation

The remediation steps to disable Transit Gateway VPC associations and propagations are:

  1. Navigate to the AWS Transit Gateway console.
  2. Choose the Transit Gateway in question.
  3. Select the VPC attachment from the list.
  4. Choose the "Edit" button for the VPC attachment.
  5. Under "Transit Gateway Attachments," deselect "Enable Transit Gateway Association" and "Enable Transit Gateway Route Table Propagation" checkboxes.
  6. Choose "Save."

Repeat these steps for each Transit Gateway VPC attachment that requires disabling associations and propagations.
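An audit that finds the attachments these steps apply to, as an added example that is not part of the CloudWiki page or the Lightlytics product: it flags a Transit Gateway whose default route table association or propagation is enabled, and any VPC attachment that is currently associated with, or propagating routes into, a Transit Gateway route table. The records are constructed samples shaped like the EC2 DescribeTransitGateways, DescribeTransitGatewayAttachments and GetTransitGatewayRouteTablePropagations responses, with placeholder ids; swap in boto3 calls to run it against a live account.

```python
TGW_ID = "tgw-0123456789abcdef0"  # constructed placeholder id
# Constructed sample: a Transit Gateway with default association and propagation enabled.
TRANSIT_GATEWAYS = [
    {"TransitGatewayId": TGW_ID,
     "Options": {"DefaultRouteTableAssociation": "enable",
                 "DefaultRouteTablePropagation": "enable"}},
]
# Constructed sample: vpc-aaaa is associated with a route table, vpc-bbbb is not.
ATTACHMENTS = [
    {"TransitGatewayAttachmentId": "tgw-attach-aaaa", "TransitGatewayId": TGW_ID,
     "ResourceType": "vpc", "ResourceId": "vpc-aaaa",
     "Association": {"TransitGatewayRouteTableId": "tgw-rtb-1111", "State": "associated"}},
    {"TransitGatewayAttachmentId": "tgw-attach-bbbb", "TransitGatewayId": TGW_ID,
     "ResourceType": "vpc", "ResourceId": "vpc-bbbb"},
]
# Constructed sample: propagations keyed by route table id; only vpc-aaaa propagates.
PROPAGATIONS = {
    "tgw-rtb-1111": [{"TransitGatewayAttachmentId": "tgw-attach-aaaa",
                      "ResourceType": "vpc", "State": "enabled"}],
}


def audit(transit_gateways, attachments, propagations):
    """Return (resource_id, issue) pairs: gateways that auto-associate or auto-propagate
    new attachments, and VPC attachments currently associated with or propagating into
    a Transit Gateway route table."""
    findings = []
    for tgw in transit_gateways:
        opts = tgw.get("Options", {})
        if opts.get("DefaultRouteTableAssociation") == "enable":
            findings.append((tgw["TransitGatewayId"], "default-association-enabled"))
        if opts.get("DefaultRouteTablePropagation") == "enable":
            findings.append((tgw["TransitGatewayId"], "default-propagation-enabled"))
    # Attachment ids that actively propagate routes into any route table.
    propagating = {p["TransitGatewayAttachmentId"] for plist in propagations.values()
                   for p in plist if p.get("State") == "enabled"}
    for att in attachments:
        if att.get("ResourceType") != "vpc":
            continue  # this rule concerns VPC attachments only
        att_id = att["TransitGatewayAttachmentId"]
        assoc = att.get("Association", {})
        if assoc.get("State") in ("associated", "associating"):
            findings.append((att_id, "associated:" + assoc["TransitGatewayRouteTableId"]))
        if att_id in propagating:
            findings.append((att_id, "propagating"))
    return findings


if __name__ == "__main__":
    for resource, issue in audit(TRANSIT_GATEWAYS, ATTACHMENTS, PROPAGATIONS):
        print(f"{resource}: {issue}")
```

Each finding names the Transit Gateway or VPC attachment to open in the console for the steps above; an attachment with no finding already has associations and propagations disabled.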

Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.