EC2 instance has public IP

ID: aws_ec2_public_ip

Severity: high

Vendor: AWS

Resource: Network

Tags: asvs50-v13.1.1, asvs50-v8.2.1, reachable

Description

The EC2 instance is launched with a public IP address. To minimize the risk of unauthorized access to your instances, do not allow public IP associations.

To fix it, set network.assign_public_ip to false in the amazon.aws.ec2_instance task.

Learn more about this topic at AWS EC2 instance addressing.

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: start an instance and have it begin a Tower callback on boot
      amazon.aws.ec2_instance:
        name: "tower-callback-test"
        key_name: "prod-ssh-key"
        vpc_subnet_id: subnet-5ca1ab1e
        security_group: default
        tower_callback:
          # IP or hostname of tower server
          tower_address: 1.2.3.4
          job_template_id: 876
          host_config_key: '[secret config key goes here]'
        network:
          assign_public_ip: true
        image_id: ami-123456
        cpu_credit_specification: unlimited
        tags:
          SomeThing: "A value"

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: start an instance and have it begin a Tower callback on boot
      amazon.aws.ec2_instance:
        name: "tower-callback-test"
        key_name: "prod-ssh-key"
        vpc_subnet_id: subnet-5ca1ab1e
        security_group: default
        tower_callback:
          # IP or hostname of tower server
          tower_address: 1.2.3.4
          job_template_id: 876
          host_config_key: '[secret config key goes here]'
        network:
          assign_public_ip: false
        image_id: ami-123456
        cpu_credit_specification: unlimited
        tags:
          SomeThing: "A value"
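An added example of how this rule can be checked against a parsed playbook (not part of this rule page or of the amazon.aws collection): it flags amazon.aws.ec2_instance tasks that set network.assign_public_ip to true, descends into block/rescue/always sections, and additionally reports tasks that leave the key unset, since the subnet's auto-assign public IP setting then decides. The sample playbook, task names and AMI ID are constructed; in practice the input is the output of yaml.safe_load on a playbook file.

```python
# Module names under which the EC2 instance module may appear in a task.
EC2_MODULES = ("amazon.aws.ec2_instance", "ec2_instance")
SECTIONS = ("block", "rescue", "always")


def _iter_tasks(tasks):
    """Yield module tasks, descending into block/rescue/always sections."""
    for task in tasks or []:
        if any(k in task for k in SECTIONS):
            for k in SECTIONS:
                yield from _iter_tasks(task.get(k))
        else:
            yield task


def find_public_ip_tasks(playbook):
    """Return (task name, verdict) pairs for EC2 instance tasks.

    'fail'  : network.assign_public_ip is true (the rule's finding)
    'unset' : the key is absent, so the subnet's auto-assign setting decides
    """
    findings = []
    for play in playbook:
        for section in ("pre_tasks", "tasks", "post_tasks"):
            for task in _iter_tasks(play.get(section)):
                module = next((m for m in EC2_MODULES if m in task), None)
                args = task.get(module) if module else None
                if not isinstance(args, dict):
                    continue
                value = (args.get("network") or {}).get("assign_public_ip")
                if value is None:
                    findings.append((task.get("name"), "unset"))
                elif value is True or str(value).lower() in ("true", "yes"):
                    findings.append((task.get("name"), "fail"))
    return findings


# Constructed playbook, i.e. what yaml.safe_load returns for a playbook file,
# modelled on the page's examples; task names and the AMI ID are made up.
SAMPLE_PLAYBOOK = [{
    "name": "Example playbook", "hosts": "localhost",
    "tasks": [
        {"name": "public instance", "amazon.aws.ec2_instance": {
            "image_id": "ami-123456", "network": {"assign_public_ip": True}}},
        {"name": "private instance", "amazon.aws.ec2_instance": {
            "image_id": "ami-123456", "network": {"assign_public_ip": False}}},
        {"block": [{"name": "instance relying on subnet default",
                    "ec2_instance": {"image_id": "ami-123456"}}]},
    ],
}]
```

Running find_public_ip_tasks(SAMPLE_PLAYBOOK) reports the first task as a failure and the block's task as unset, while the task that sets the key to false is silent.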