Ensure that EC2 instance does not have public IP enabled

If a public IP is enabled, the EC2 instance can be reached directly from the internet, which exposes it to attack. Disable the public IP and provide secured ways of accessing the instance instead.

Risk Level: Medium
Cloud Entity: Amazon EC2 Instance
CloudGuard Rule ID: D9.CFT.OPE.10
Covered by Spectral: Yes
Category: Compute

GSL LOGIC

AWS_EC2_Instance where NetworkInterfaces should have NetworkInterfaces contain-all [ AssociatePublicIpAddress='false' ]

REMEDIATION

From CFT
Set the AssociatePublicIpAddress property to false on every entry in the NetworkInterfaces list of each AWS::EC2::Instance resource.
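As an added example that is not part of this rule page or of CloudGuard, the following Python applies the GSL logic above to a CloudFormation template parsed into a dict. The template, its logical IDs and the subnet IDs are constructed placeholders, and an interface that omits AssociatePublicIpAddress is treated as non-compliant, matching the rule's contain-all semantics.

```python
"""Added example, not CloudGuard's own code: apply the GSL logic above to a
CloudFormation template that has been parsed into a Python dict."""
import json

# Constructed sample template (subnet IDs are placeholders): one compliant
# instance, one that requests a public IP, one that omits the property on a
# second interface, and a non-EC2 resource the rule must ignore.
TEMPLATE = json.loads("""{"Resources": {
  "PrivateHost": {"Type": "AWS::EC2::Instance", "Properties": {"NetworkInterfaces": [
    {"DeviceIndex": "0", "SubnetId": "subnet-PLACEHOLDER", "AssociatePublicIpAddress": false}]}},
  "PublicHost": {"Type": "AWS::EC2::Instance", "Properties": {"NetworkInterfaces": [
    {"DeviceIndex": "0", "SubnetId": "subnet-PLACEHOLDER", "AssociatePublicIpAddress": true}]}},
  "UnsetHost": {"Type": "AWS::EC2::Instance", "Properties": {"NetworkInterfaces": [
    {"DeviceIndex": "0", "SubnetId": "subnet-PLACEHOLDER", "AssociatePublicIpAddress": false},
    {"DeviceIndex": "1", "SubnetId": "subnet-PLACEHOLDER"}]}},
  "Logs": {"Type": "AWS::S3::Bucket"}}}""")


def interface_is_compliant(nic: dict) -> bool:
    """True only when AssociatePublicIpAddress is explicitly false.
    CloudFormation accepts the boolean or the string 'false', so both count;
    an absent property does not (the rule requires an explicit false)."""
    value = nic.get("AssociatePublicIpAddress")
    return value is False or str(value).lower() == "false"


def noncompliant_instances(template: dict) -> list[str]:
    """Logical IDs of AWS::EC2::Instance resources that declare
    NetworkInterfaces but where not every interface sets
    AssociatePublicIpAddress to false (the rule's contain-all semantics)."""
    failed = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::EC2::Instance":
            continue  # the rule is scoped to EC2 instances only
        nics = resource.get("Properties", {}).get("NetworkInterfaces")
        if not nics:
            continue  # 'where NetworkInterfaces' filters out instances without the list
        if not all(interface_is_compliant(nic) for nic in nics):
            failed.append(logical_id)
    return failed


if __name__ == "__main__":
    print(noncompliant_instances(TEMPLATE))  # ['PublicHost', 'UnsetHost']
```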

References

  1. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-network-iface-embedded.html#aws-properties-ec2-network-iface-embedded-associatepubip

Amazon EC2 Instance

Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers.

Compliance Frameworks

  • AWS CloudFormation ruleset