EC2 instance has public IP assigned Affecting EC2 service in AWS

Severity Framework Snyk CCSS

Rule category Network / Public Access

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CIS-Controls CSA-CCM ISO-27001 NIST-800-53 SOC-2

Snyk ID SNYK-CC-00007
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

EC2 instances with public IPs are potentially reachable over the internet. If NACLs and security group rules are relaxed your instances may be vulnerable to attack.

How to fix?

Set the associate_public_ip_address attribute to false.

Example Configuration

resource "aws_instance" "instance1" {
  ami           = "ami-0323c3dd2da7fabcd"
  instance_type = "t2.micro"
  subnet_id = "${aws_subnet.subnet1.id}"

  associate_public_ip_address = false
}

resource "aws_launch_configuration" "private" {
  name          = "web_config"
  image_id      = "ami-abcd1234"
  instance_type = "t2.micro"
  associate_public_ip_address = false
}

resource "aws_launch_template" "private" {
  name = "example"

  network_interfaces {
    associate_public_ip_address = false
  }
}

EC2 instance has public IP assigned Affecting EC2 service in AWS

Description

How to fix?

Example Configuration

Terraform

References