EC2 Instance Using Default VPC

Tenacity Id

Risk Level




Last Updated:

April 21, 2022

An Amazon Elastic Compute Cloud (EC2) instance is deployed in the default Virtual Private Cloud (VPC). The default VPC is configured as a publicly accessible VPC with an internet gateway, public subnets, and a route table which can lead to unintentional exposure of sensitive data if used. It is a best practice to avoid the use of the default VPC. Any EC2 instances deployed in the default VPC should be removed or migrated to the appropriate non-default VPC.