VPC interface endpoints should be enabled for Systems Manager
Description
This control checks whether a VPC interface endpoint for AWS Systems Manager (SSM) exists in the VPC. The control fails if there is no interface endpoint for the SSM service, or if one exists but is not in the 'available' state (for example, still pending or failed). VPC interface endpoints allow you to connect your VPC privately to supported AWS services without an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Traffic between the instances and the SSM service then stays on the AWS network instead of traversing the public internet, which reduces the exposure of SSM API calls and of the instances that would otherwise need an outbound internet path to reach the service.
Remediation
Create a VPC interface endpoint for Systems Manager to enable private connectivity to AWS SSM.
Steps
- Open the Amazon VPC console.
- In the navigation pane, choose 'Endpoints'.
- Choose 'Create endpoint'.
- Select 'AWS services' as the service category.
- Choose 'com.amazonaws.region.ssm' as the service, replacing 'region' with the Region of your VPC (for example, 'com.amazonaws.us-east-1.ssm').
- Select your VPC and the subnets (ideally one per Availability Zone) in which the endpoint network interfaces should be created.
- Keep 'Enable DNS name' (private DNS) selected so that the default SSM endpoint name resolves to the endpoint's private IP addresses from inside the VPC; without it, clients in the VPC keep using the public endpoint.
- Choose a security group that allows inbound HTTPS (TCP 443) from the instances that need to reach SSM, and an endpoint policy (the default allows full access; restrict it to your own account or principals where possible).
- Choose 'Create endpoint' and wait until the endpoint's status changes to 'Available'.
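The following Python script is an added example and is not part of the original control text or any AWS-provided code. It implements the control's pass/fail logic over the shape of an ec2:DescribeVpcEndpoints response and carries out the remediation above through boto3. The function names, the sample responses, and the account-restricting endpoint policy are all assumptions for illustration; the boto3 calls and parameter names are real. Only the live functions at the end need AWS credentials; the evaluation runs offline on the constructed samples.

```python
"""Evaluate and remediate 'VPC interface endpoint for SSM' (added example)."""
import json


def ssm_service_name(region):
    """Service name of the Systems Manager interface endpoint in a Region."""
    return f"com.amazonaws.{region}.ssm"


def evaluate_ssm_endpoint(describe_response, region):
    """Apply the control's logic to a DescribeVpcEndpoints-shaped dict.

    Passes only if an Interface endpoint for com.amazonaws.<region>.ssm exists
    and is in the 'available' state. Returns (passed, reason).
    """
    service = ssm_service_name(region)
    matches = [
        ep for ep in describe_response.get("VpcEndpoints", [])
        if ep.get("ServiceName") == service
        and ep.get("VpcEndpointType") == "Interface"
    ]
    if not matches:
        return False, f"no interface endpoint for {service}"
    for ep in matches:
        if ep.get("State") == "available":
            return True, f"{ep['VpcEndpointId']} is available"
    states = ", ".join(f"{ep['VpcEndpointId']}={ep.get('State')}" for ep in matches)
    return False, f"endpoint(s) not available: {states}"


def endpoint_policy(account_id):
    """Endpoint policy allowing SSM calls only from principals in one account.

    Assumption: a reasonable default tighter than the full-access policy the
    console applies; the control itself only requires that the endpoint exist.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": "*",
            "Action": "ssm:*",
            "Resource": "*",
            "Condition": {"StringEquals": {"aws:PrincipalAccount": account_id}},
        }],
    }


# Constructed sample responses (not real account data).
SAMPLE_MISSING = {"VpcEndpoints": [
    {"VpcEndpointId": "vpce-0aaa", "ServiceName": "com.amazonaws.us-east-1.s3",
     "VpcEndpointType": "Gateway", "State": "available"},
]}
SAMPLE_PENDING = {"VpcEndpoints": [
    {"VpcEndpointId": "vpce-0bbb", "ServiceName": "com.amazonaws.us-east-1.ssm",
     "VpcEndpointType": "Interface", "State": "pending"},
]}
SAMPLE_OK = {"VpcEndpoints": [
    {"VpcEndpointId": "vpce-0bbb", "ServiceName": "com.amazonaws.us-east-1.ssm",
     "VpcEndpointType": "Interface", "State": "pending"},
    {"VpcEndpointId": "vpce-0ccc", "ServiceName": "com.amazonaws.us-east-1.ssm",
     "VpcEndpointType": "Interface", "State": "available"},
]}


def check_live(region, vpc_id):
    """Run the control against a real account (needs credentials; not run offline)."""
    import boto3
    ec2 = boto3.client("ec2", region_name=region)
    resp = ec2.describe_vpc_endpoints(
        Filters=[{"Name": "vpc-id", "Values": [vpc_id]}])
    return evaluate_ssm_endpoint(resp, region)


def create_ssm_endpoint(region, vpc_id, subnet_ids, sg_ids, account_id):
    """Remediate: create the SSM interface endpoint with private DNS enabled."""
    import boto3
    ec2 = boto3.client("ec2", region_name=region)
    return ec2.create_vpc_endpoint(
        VpcEndpointType="Interface",
        VpcId=vpc_id,
        ServiceName=ssm_service_name(region),
        SubnetIds=subnet_ids,
        SecurityGroupIds=sg_ids,
        PrivateDnsEnabled=True,
        PolicyDocument=json.dumps(endpoint_policy(account_id)),
    )


if __name__ == "__main__":
    for name, sample in [("missing", SAMPLE_MISSING), ("pending", SAMPLE_PENDING), ("ok", SAMPLE_OK)]:
        print(name, evaluate_ssm_endpoint(sample, "us-east-1"))
```

Run it with no arguments to see the three sample evaluations; the security group passed in `sg_ids` must allow inbound TCP 443 from the instances, and the same pattern (service names `ssmmessages` and `ec2messages`) applies if Session Manager or Run Command must also work without internet access.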