
Ensure Server instance should not have public IP.

Description

This policy checks whether a server instance has a public IP assigned. A public IP makes the instance directly reachable from the internet, which increases its attack surface and exposes it to unauthorized access. Use private IPs for server instances, and expose them to the internet only through a load balancer or a NAT gateway if necessary. Not assigning a public IP to a server instance reduces the risk of unauthorized access and improves the overall security of your infrastructure.

Code Example

```terraform
resource "ncloud_server" "example" {
  # public_ip - do not assign a public IP
  # public_ip = ncloud_public_ip.example.id
}
```

Remediation

Ensure the server instance does not have a public IP by removing or commenting out the public IP assignment.
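A pre-apply check in the spirit of this rule, added here as an example (it is not Checkov's own code): it reads the JSON form of a Terraform plan and lists every `ncloud_public_ip` that will be attached to a server, including bindings whose value is only known after apply. The `server_instance_no` attribute name is an assumption about the ncloud provider, and the sample plan is constructed.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output.
# Assumption: the ncloud provider attaches a public IP to a server through the
# `server_instance_no` argument of `ncloud_public_ip`.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "ncloud_public_ip.web", "type": "ncloud_public_ip",
   "change": {"actions": ["create"], "after": {"description": "web"},
              "after_unknown": {"server_instance_no": true}}},
  {"address": "ncloud_public_ip.legacy", "type": "ncloud_public_ip",
   "change": {"actions": ["no-op"], "after": {"server_instance_no": "1234567"},
              "after_unknown": {}}},
  {"address": "ncloud_public_ip.reserved", "type": "ncloud_public_ip",
   "change": {"actions": ["create"], "after": {"server_instance_no": null},
              "after_unknown": {}}},
  {"address": "ncloud_public_ip.old", "type": "ncloud_public_ip",
   "change": {"actions": ["delete"], "after": null, "after_unknown": {}}},
  {"address": "ncloud_server.app", "type": "ncloud_server",
   "change": {"actions": ["create"], "after": {"name": "app"},
              "after_unknown": {"id": true}}}
]}
""")


def public_ips_bound_to_servers(plan):
    """Return addresses of ncloud_public_ip resources attached to a server."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "ncloud_public_ip":
            continue
        change = rc.get("change") or {}
        if change.get("actions") == ["delete"]:
            continue  # the resource, and its binding, is gone after apply
        after = change.get("after") or {}
        unknown = change.get("after_unknown") or {}
        # A reference to a server created in the same plan is not known yet:
        # it is missing from `after` and marked true in `after_unknown`.
        if after.get("server_instance_no") or unknown.get("server_instance_no"):
            findings.append(rc["address"])
    return sorted(findings)


if __name__ == "__main__":
    for address in public_ips_bound_to_servers(SAMPLE_PLAN):
        print("public IP attached to a server:", address)
```

A reserved public IP with no server binding (`ncloud_public_ip.reserved` in the sample) is not reported, since nothing is exposed until it is attached.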

Rule Details

| Field | Value |
|---|---|
| ID | IAC-1224 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | ncloud_public_ip |
| Checkov ID | CKV_NCP_23 |
