Ensure that EC2 instance does not have public IP enabled
If a public IP is enabled, the EC2 instance can be reached directly through that address. This exposure can be exploited, so disable the public IP and configure secure ways to access EC2 instances.
Risk Level: Medium
Cloud Entity: Amazon EC2 Instance
CloudGuard Rule ID: D9.CFT.OPE.10
Covered by Spectral: Yes
Category: Compute
GSL LOGIC
AWS_EC2_Instance where NetworkInterfaces should have NetworkInterfaces contain-all [ AssociatePublicIpAddress='false' ]
REMEDIATION
From CFT
Set all AWS::EC2::Instance NetworkInterfaces.AssociatePublicIpAddress properties to false.
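A pre-deployment check of a template against this rule, as an added example (not CloudGuard's own code or evaluation engine). The template, its logical IDs and the placeholder AMI and subnet values are constructed, and treating an instance with no NetworkInterfaces block as a failure is an assumption based on the "should have NetworkInterfaces" wording of the GSL.

```python
# Constructed sample template (not from the page), as the dict a JSON CFT parses to.
TEMPLATE = {"Resources": {
    "PrivateHost": {"Type": "AWS::EC2::Instance", "Properties": {
        "ImageId": "ami-EXAMPLE",
        "NetworkInterfaces": [{"DeviceIndex": "0", "SubnetId": "subnet-EXAMPLE",
                               "AssociatePublicIpAddress": False}]}},
    "PublicHost": {"Type": "AWS::EC2::Instance", "Properties": {
        "ImageId": "ami-EXAMPLE",
        "NetworkInterfaces": [{"DeviceIndex": "0", "SubnetId": "subnet-EXAMPLE",
                               "AssociatePublicIpAddress": "true"}]}},
    # No NetworkInterfaces block: the public IP then follows the subnet default.
    "ImplicitHost": {"Type": "AWS::EC2::Instance", "Properties": {
        "ImageId": "ami-EXAMPLE", "SubnetId": "subnet-EXAMPLE"}},
    "Logs": {"Type": "AWS::S3::Bucket"},
}}


def is_false(value):
    """CFT booleans may be written as JSON false or as the string "false"."""
    return value is False or (isinstance(value, str) and value.lower() == "false")


def find_public_ip_violations(template):
    """Return {logical_id: reason} for every AWS::EC2::Instance failing the rule."""
    findings = {}
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::Instance":
            continue
        nics = res.get("Properties", {}).get("NetworkInterfaces")
        if not isinstance(nics, list) or not nics:
            findings[name] = "no NetworkInterfaces block, public IP not explicitly disabled"
            continue
        # contain-all: every interface must set the property to false
        bad = [i for i, nic in enumerate(nics)
               if not (isinstance(nic, dict)
                       and is_false(nic.get("AssociatePublicIpAddress")))]
        if bad:
            findings[name] = f"AssociatePublicIpAddress not false on interface(s) {bad}"
    return findings


if __name__ == "__main__":
    for name, reason in find_public_ip_violations(TEMPLATE).items():
        print(f"FAIL {name}: {reason}")
```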
References
Amazon EC2 Instance
Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers.
Compliance Frameworks
- AWS CloudFormation ruleset
Updated about 1 year ago