AWS VPC subnets should not allow automatic public IP assignment

Description

VPC subnet is a part of the VPC having its own rules for traffic. Assigning the Public IP to the subnet automatically (on launch) can accidentally expose the instances within this subnet to internet and should be edited to 'No' post creation of the Subnet.

Code Example

resource "aws_subnet" "test" {
 ...
+ map_public_ip_on_launch = false
  }

Remediation

Terraform

Resource: aws_subnet
Arguments: map_public_ip_on_launch

Rule Details

Field	Value
ID	IAC-0181
Severity	LOW
IaC Type	Terraform
Frameworks	Terraform, TerraformPlan
Checkov ID	CKV_AWS_130

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

AWS VPC subnets should not allow automatic public IP assignment

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

AWS VPC subnets should not allow automatic public IP assignment ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

AWS VPC subnets should not allow automatic public IP assignment

Description

Code Example

Remediation

Rule Details

References