This event detects a VPC configuration change.
Why this Event is Important
Modification of a VPC configuration by an unauthorized person can lead to loss of integrity and provide anyone access to the VPC. Attackers can use this VPC to carry out malicious activities and misuse the infrastructure for their own benefit.
Audit the modification of a VPC by any individual. Examine the audit logs to see the activities that were carried out in this VPC. Investigate and analyze the access policy to determine who has access to this VPC.
If this was an unauthorized modification of a VPC, audit and delete the changes made to the VPC. Institute a policy to follow security best practices whenever a new VPC is created. Best practices include isolating the VPC environments from others, choosing a CIDR IP block for the VPC that does not overlap with others, and having other security mechanisms to prevent unauthorized access.