EC2 instance has public IP assigned Affecting EC2 service in AWS


Severity

0.0
medium
0
10
Severity Framework
Snyk CCSS
Rule category
Network/ Public Access

Is your environment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
Frameworks
CIS-ControlsCSA-CCMISO-27001NIST-800-53SOC-2
  • Snyk IDSNYK-CC-00007
  • creditSnyk Research Team

Description

EC2 instances with public IPs are potentially reachable over the internet. If NACLs and security group rules are relaxed your instances may be vulnerable to attack.

How to fix?

Set the associate_public_ip_address attribute to false.

Example Configuration

resource "aws_instance" "instance1" {
  ami           = "ami-0323c3dd2da7fabcd"
  instance_type = "t2.micro"
  subnet_id = "${aws_subnet.subnet1.id}"

  associate_public_ip_address = false
}

resource "aws_launch_configuration" "private" {
  name          = "web_config"
  image_id      = "ami-abcd1234"
  instance_type = "t2.micro"
  associate_public_ip_address = false
}

resource "aws_launch_template" "private" {
  name = "example"

  network_interfaces {
    associate_public_ip_address = false
  }
}