Ensure that EC2 instance does not have public IP enabled

Risk Level: Medium
Cloud Entity: Amazon EC2 Instance
CloudGuard Rule ID: D9.CFT.OPE.10
Covered by Spectral: Yes
Category: Compute

GSL LOGIC

AWS_EC2_Instance where NetworkInterfaces should have NetworkInterfaces contain-all [ AssociatePublicIpAddress='false' ]

REMEDIATION

From CFT
For every AWS::EC2::Instance resource, set AssociatePublicIpAddress to false on each entry in its NetworkInterfaces list.
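
A minimal check for this rule over a parsed CloudFormation template, added here as an illustration; it is not CloudGuard or Spectral code. The template, resource names and IDs are constructed, and flagging instances that omit NetworkInterfaces is an assumed reading of the rule's "should have" clause.

```python
# Constructed sample template: compliant and non-compliant instances side by side.
TEMPLATE = {"Resources": {
    "PublicWeb": {"Type": "AWS::EC2::Instance", "Properties": {"NetworkInterfaces": [
        {"DeviceIndex": "0", "SubnetId": "subnet-EXAMPLE", "AssociatePublicIpAddress": True}]}},
    "PrivateApp": {"Type": "AWS::EC2::Instance", "Properties": {"NetworkInterfaces": [
        {"DeviceIndex": "0", "SubnetId": "subnet-EXAMPLE", "AssociatePublicIpAddress": "false"}]}},
    "MixedNics": {"Type": "AWS::EC2::Instance", "Properties": {"NetworkInterfaces": [
        {"DeviceIndex": "0", "SubnetId": "subnet-EXAMPLE", "AssociatePublicIpAddress": False},
        {"DeviceIndex": "1", "SubnetId": "subnet-EXAMPLE"}]}},
    "NoNicBlock": {"Type": "AWS::EC2::Instance", "Properties": {"ImageId": "ami-EXAMPLE"}},
    "Logs": {"Type": "AWS::S3::Bucket"},
}}


def is_false(value):
    """CloudFormation accepts the boolean false or the string 'false'."""
    return value is False or (isinstance(value, str) and value.strip().lower() == "false")


def public_ip_findings(template):
    """Return (logical_id, reason) for each instance that fails the rule."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::Instance":
            continue
        nics = (res.get("Properties") or {}).get("NetworkInterfaces")
        # Assumption: a missing or unresolved list fails the "should have" clause.
        if not isinstance(nics, list) or not nics:
            findings.append((name, "NetworkInterfaces is missing or not a literal list"))
            continue
        for i, nic in enumerate(nics):
            # An absent value, true, or an intrinsic function all count as "not false".
            if not isinstance(nic, dict) or not is_false(nic.get("AssociatePublicIpAddress")):
                findings.append((name, f"NetworkInterfaces[{i}].AssociatePublicIpAddress is not false"))
    return findings


if __name__ == "__main__":
    for logical_id, reason in public_ip_findings(TEMPLATE):
        print(f"{logical_id}: {reason}")
```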

References

  1. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-network-iface-embedded.html#aws-properties-ec2-network-iface-embedded-associatepubip

Amazon EC2 Instance

Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers.

Compliance Frameworks

  • AWS CloudFormation ruleset