Severity Framework: Snyk CCSS
Rule category: General / Public Access
Frameworks
CIS-Controls
CSA-CCM
ISO-27001
NIST-800-53
SOC-2
- Snyk ID SNYK-CC-00239
- credit Snyk Research Team
Description
Instances launched in this subnet are potentially accessible over the public internet, which may lead to unauthorized access.
How to fix?
Set the map_public_ip_on_launch attribute to false.
Example Configuration
resource "aws_subnet" "my_subnet" {
  vpc_id                  = aws_vpc.my_vpc2.id
  cidr_block              = "172.16.10.0/24"
  availability_zone       = "us-west-2a"
  map_public_ip_on_launch = false

  tags = {
    Name = "tf-example"
  }
}
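
An added example (not Snyk's rule implementation or code from this page): a Python check that reads the JSON form of a Terraform plan, as produced by `terraform show -json`, and reports aws_subnet resources whose map_public_ip_on_launch will be true or is not known until apply. The sample plan, the resource addresses in it and the function name are constructed for illustration.

```python
import json

# Constructed sample, shaped like `terraform show -json <planfile>` output (trimmed).
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_subnet.my_subnet", "type": "aws_subnet",
   "change": {"actions": ["create"], "after_unknown": {},
              "after": {"map_public_ip_on_launch": false}}},
  {"address": "module.net.aws_subnet.public", "type": "aws_subnet",
   "change": {"actions": ["update"], "after_unknown": {},
              "after": {"map_public_ip_on_launch": true}}},
  {"address": "aws_subnet.retired", "type": "aws_subnet",
   "change": {"actions": ["delete"], "after_unknown": {}, "after": null}},
  {"address": "aws_subnet.computed", "type": "aws_subnet",
   "change": {"actions": ["create"],
              "after_unknown": {"map_public_ip_on_launch": true},
              "after": {}}},
  {"address": "aws_instance.web", "type": "aws_instance",
   "change": {"actions": ["create"], "after_unknown": {}, "after": {}}}
]}
""")


def find_public_ip_subnets(plan):
    """Return (address, reason) for subnets that will or may auto-assign public IPs."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_subnet":
            continue
        change = rc.get("change") or {}
        after = change.get("after")
        if after is None:
            continue  # subnet is being destroyed; nothing will launch into it
        unknown = change.get("after_unknown") or {}
        if unknown.get("map_public_ip_on_launch") is True:
            # Value comes from an expression resolved at apply time: flag for review.
            findings.append((rc["address"], "unknown until apply"))
        elif after.get("map_public_ip_on_launch") is True:
            findings.append((rc["address"], "true"))
    return findings


if __name__ == "__main__":
    for address, reason in find_public_ip_subnets(SAMPLE_PLAN):
        print(f"{address}: map_public_ip_on_launch is {reason}")
```
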