Ensure that address source/destination check is enabled on the instance

This source/destination check can help preventing spoofing or intercept of the traffic. Ignore this issue if you are deploying a NAT instance which requires this setting to be disabled.

Risk Level: Low
Cloud Entity: Amazon EC2 Instance
CloudGuard Rule ID: D9.CFT.NET.07
Covered by Spectral: Yes
Category: Compute


AWS_EC2_Instance should not have SourceDestCheck=false


From CFT
Set AWS::EC2::Instance SourceDestCheck property to 'true' or remove the property


  1. https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Instance.html#EIP_Disable_SrcDestCheck

Amazon EC2 Instance

Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers.

Compliance Frameworks

  • AWS CloudFormation ruleset