AWS EC2 instances with public IP and associated with security groups have Internet access
Description
A public IP address is an IPv4 address that is reachable from the Internet. You can use public addresses for communication between your instances and the Internet. Each instance that receives a public IP address is also given an external DNS hostname. We recommend you control whether your instance receives a public IP address as required.
Code Example
resource "aws_instance" "bar" {
...
- associate_public_ip_address = true
}Remediation
- AWS Console*
To change the policy using the AWS Console, follow these steps:
. Log in to the AWS Management Console at https://console.aws.amazon.com/.
. Open the https://console.aws.amazon.com/vpc [Amazon VPC console].
. In the navigation pane, select * Subnets*.
. Select a * subnet*, then select * Subnet Actions* > * Modify auto-assign IP settings*.
. Select * auto-assign public IPv4 address*. + When selected, requests a public IPv4 address for all instances launched into the selected subnet. + Select or clear the setting as required.
. Click * Save*. === Fix - Buildtime
Terraform
- Resource: aws_instance
- Arguments: associate_public_ip_address - (Optional) Associate a public ip address with an instance in a VPC.
Boolean value.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0141 |
| Severity | HIGH |
| IaC Type | Cloudformation |
| Frameworks | CloudFormation, |
| Checkov ID | CKV_AWS_88 |