Non-default VPCs are evaluated across the whole account to determine whether they exist in more than one region. The result reflects whether your custom network topology is regionally distributed or concentrated in a single region; default VPCs, which AWS creates in every region, are not counted.
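The evaluation described above, written out as an added example that is not Prowler's own implementation: non-default VPCs are grouped by region and the account passes only when they are present in two or more regions. The boto3 collector is an assumption about how the records would be gathered (it needs credentials with ec2:DescribeVpcs); the sample records and VPC IDs are constructed so the logic runs offline.

```python
"""Added example (not Prowler's own code): decide whether an account's
non-default VPCs span more than one region, as vpc_different_regions does."""


def non_default_vpc_regions(vpcs):
    """Return the sorted list of regions containing at least one non-default VPC.

    `vpcs` is an iterable of dicts shaped like the entries of
    ec2.describe_vpcs()["Vpcs"], with a "Region" key added by the caller.
    Default VPCs are skipped: AWS creates one per region, so counting them
    would make every account look multi-region.
    """
    regions = set()
    for vpc in vpcs:
        if not vpc.get("IsDefault", False):
            regions.add(vpc["Region"])
    return sorted(regions)


def evaluate_vpc_different_regions(vpcs):
    """Produce one account-level finding.

    PASS when non-default VPCs exist in two or more regions, FAIL when they
    are concentrated in one, None when the account has no non-default VPCs
    (there is nothing to assess).
    """
    regions = non_default_vpc_regions(vpcs)
    if not regions:
        return None
    status = "PASS" if len(regions) > 1 else "FAIL"
    return {
        "status": status,
        "regions": regions,
        "status_extended": (
            f"Non-default VPCs found in more than one region: {', '.join(regions)}."
            if status == "PASS"
            else f"Non-default VPCs found only in {regions[0]}."
        ),
    }


def collect_vpcs_with_boto3(session):
    """Assumed collector: gather VPCs from every EC2 region of the partition.

    Not exercised by the offline test; regions that are not enabled for the
    account (opt-in regions) reject the call, so they are skipped.
    """
    from botocore.exceptions import ClientError

    records = []
    for region in session.get_available_regions("ec2"):
        ec2 = session.client("ec2", region_name=region)
        try:
            vpcs = ec2.describe_vpcs()["Vpcs"]
        except ClientError:
            continue
        for vpc in vpcs:
            vpc["Region"] = region
            records.append(vpc)
    return records


# Constructed sample: default VPCs in two regions plus custom VPCs that all
# live in us-east-1. This is the single-region topology the check flags.
SAMPLE_SINGLE_REGION = [
    {"VpcId": "vpc-0aaa", "IsDefault": True, "Region": "us-east-1"},
    {"VpcId": "vpc-0bbb", "IsDefault": False, "Region": "us-east-1"},
    {"VpcId": "vpc-0ccc", "IsDefault": False, "Region": "us-east-1"},
    {"VpcId": "vpc-0ddd", "IsDefault": True, "Region": "eu-west-1"},
]

# The same account after remediation: one non-default VPC added in eu-west-1.
SAMPLE_MULTI_REGION = SAMPLE_SINGLE_REGION + [
    {"VpcId": "vpc-0eee", "IsDefault": False, "Region": "eu-west-1"},
]

if __name__ == "__main__":
    for label, sample in (("before", SAMPLE_SINGLE_REGION), ("after", SAMPLE_MULTI_REGION)):
        print(label, evaluate_vpc_different_regions(sample))
```

The "before" sample fails even though VPCs exist in both us-east-1 and eu-west-1, because the eu-west-1 one is the default VPC; only the custom VPC created in the second region turns the finding into a PASS.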
Risk
Single-region VPC deployment weakens availability and resilience. A regional outage, service disruption, or network control misconfiguration can cause broad downtime, hinder recovery, and increase the blast radius of incidents impacting business continuity.
Run this check with Prowler CLI
prowler aws --checks vpc_different_regions
Recommendation
Adopt a multi-region network design:
- Create VPCs in at least two regions for critical workloads
- Replicate routing, security controls, and endpoints consistently
- Apply fault tolerance and defense in depth with data replication and resilient DNS/failover to avoid single-region dependency
Remediation
CLI
aws ec2 create-vpc --region <OTHER_REGION> --cidr-block <CIDR_BLOCK>
Native IaC
Terraform
Other
- Open the AWS Console and go to VPC
- In the Region selector (top right), choose a different region than your existing non-default VPCs
- Click Create VPC > VPC only
- Enter an IPv4 CIDR block (e.g., 10.0.0.0/16)
- Click Create VPC
- Verify a non-default VPC now exists in this second region
Source Code
Resource Type
AwsEc2Vpc