org-formation / org-formation-reference

A reference architecture which aims to provide some best practices for any AWS Organization starting out using org-formation.

020-secure-defaults: include NoDefaultVpc resource #7

Closed OlafConijn closed 3 years ago

OlafConijn commented 3 years ago

I would like to suggest adding the NoDefaultVpc resource to the secure default. The reason should probably be explained in the readme: the fewer resources you have in your AWS, the less you have to worry about from a security perspective.

Only possible downside: it might break the build if the default VPC is in use. Should we then add failuretolerance for this task?

behavior:

eduardomourar commented 3 years ago

I think we should increase failure tolerance.

OlafConijn commented 3 years ago

Great! Then needs to be a separate stack and a failure tolerance of 100.