This event detects the creation of a new VPC.
Why this Event is Important
Creation of a new VPC by an unauthorized person can lead to loss of integrity and provide anyone access to the VPC. Attackers can use this VPC to carry out malicious activities and misuse the infrastructure for their own benefit.
Audit the creation of a new VPC by any individual. Examine the audit logs to see the activities that were carried out in this VPC. Investigate and analyze the access policy to determine who has access to this VPC.
If this was an unauthorized creation of a new VPC, audit and delete the VPC. Institute a policy to follow security best practices whenever a new VPC is created. Best practices include isolating the VPC environments from others, choosing a CIDR IP block for the VPC that does not overlap with others, and having other security mechanisms to prevent unauthorized access.