For example, in CloudFormation you can have a VPCGatewayAttachment that associates a Gateway with a VPC. For a Gateway to be included in the threat model with a parent of the VPC, it would be necessary to map the parent of the gateway to the VPC via the Attachment:
GatewayToInternet:
Type: "AWS::EC2::VPCGatewayAttachment"
Properties:
VpcId:
Ref: "VPC"
InternetGatewayId:
Ref: "InternetGateway"
One possible approach could be to leverage the $source action and ensure that values are carried through as needed.
For example, in CloudFormation you can have a VPCGatewayAttachment that associates a Gateway with a VPC. For a Gateway to be included in the threat model with a parent of the VPC, it would be necessary to map the parent of the gateway to the VPC via the Attachment:
One possible approach could be to leverage the $source action and ensure that values are carried through as needed.