EC2 instance has public IP assigned Affecting EC2 service in AWS


Severity

0.0
medium
0
10
    Severity Framework
    Snyk CCSS
    Rule category
    Network / Public Access

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
    Frameworks
    CIS-Controls CSA-CCM ISO-27001 NIST-800-53 SOC-2
  • Snyk ID SNYK-CC-00007
  • credit Snyk Research Team

Description

EC2 instances with public IPs are potentially reachable over the internet. If NACLs and security group rules are relaxed your instances may be vulnerable to attack.

How to fix?

Set the associate_public_ip_address attribute to false.

Example Configuration

resource "aws_instance" "instance1" {
  ami           = "ami-0323c3dd2da7fabcd"
  instance_type = "t2.micro"
  subnet_id = "${aws_subnet.subnet1.id}"

  associate_public_ip_address = false
}

resource "aws_launch_configuration" "private" {
  name          = "web_config"
  image_id      = "ami-abcd1234"
  instance_type = "t2.micro"
  associate_public_ip_address = false
}

resource "aws_launch_template" "private" {
  name = "example"

  network_interfaces {
    associate_public_ip_address = false
  }
}