
Ensure AWS Auto Scaling group launch configuration doesn’t have public IP address assignment enabled

Description

This policy checks whether an AWS Auto Scaling group launch configuration has public IP address assignment enabled. Public IP address assignment can expose resources to the internet, increasing the risk of unauthorized access. It's essential to restrict public access to only those resources that require it. By disabling public IP address assignment, you can reduce the attack surface of your AWS resources.

Code Example

```terraform
resource "aws_launch_configuration" "example" {
  image_id                    = "ami-abc123"
  instance_type               = "t2.micro"
  associate_public_ip_address = false
}
```

Remediation

Set associate_public_ip_address to false in the aws_launch_configuration resource so that instances launched from it are not assigned a public IP address.
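To verify the remediation before apply, the same check can be run against the JSON form of a plan (`terraform show -json <planfile>`). The script below is an added example, not this policy's own implementation; the sample plan is constructed, and reporting an unset attribute as REVIEW (the subnet's setting then decides whether a public IP is assigned) is this example's choice.

```python
# Constructed sample in the shape of `terraform show -json` output
# (planned_values -> root_module -> resources / child_modules).
LC = "aws_launch_configuration"
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "aws_launch_configuration.example", "type": LC,
         "values": {"image_id": "ami-abc123",
                    "associate_public_ip_address": False}},
        {"address": "aws_launch_configuration.web", "type": LC,
         "values": {"image_id": "ami-abc123",
                    "associate_public_ip_address": True}},
    ],
    "child_modules": [{
        "address": "module.workers",
        "resources": [
            # Attribute left unset in the module's configuration.
            {"address": "module.workers.aws_launch_configuration.batch",
             "type": LC, "values": {"image_id": "ami-abc123"}},
        ],
    }],
}}}


def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def check_launch_configurations(plan):
    """Return (address, verdict) for each aws_launch_configuration in the plan."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != LC:
            continue
        value = res.get("values", {}).get("associate_public_ip_address")
        if value is True:
            verdict = "FAIL"    # public IP explicitly requested
        elif value is False:
            verdict = "PASS"    # public IP explicitly disabled
        else:
            verdict = "REVIEW"  # unset or unknown: subnet setting decides
        findings.append((res["address"], verdict))
    return findings


if __name__ == "__main__":
    for address, verdict in check_launch_configurations(SAMPLE_PLAN):
        print(f"{verdict:6} {address}")
```

Walking child_modules matters because launch configurations defined inside modules do not appear in the root module's resource list.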

Rule Details

| Field | Value |
| --- | --- |
| ID | IAC-0436 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | aws_launch_configuration |
| Checkov ID | CKV_AWS_389 |

References