I would like to suggest adding the NoDefaultVpc resource to the secure default.
The reason should probably be explained in the readme: the fewer resources you have in your AWS, the less you have to worry about from a security perspective.
Only possible downside: it might break the build if the default VPC is in use. Should we then add failuretolerance for this task?
Behavior:
new accounts -> default VPC gets removed from all regions
existing accounts -> default VPC gets removed if not in use. When in use, the build logs errors and continues