Severity Framework
CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Snyk CCSS
Rule category
Each rule is associated with a high-level category. For example IAM, Container, Monitoring, Logging, Network, etc.
General/ Public Access
Is your environment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsFrameworks
CIS-ControlsCSA-CCMISO-27001NIST-800-53SOC-2
- Snyk IDSNYK-CC-00239
- creditSnyk Research Team
Description
Instances launched in this subnet will be potentially accessible over public internet, which may lead to unauthorized access.
How to fix?
Set map_public_ip_on_launch attribute to false.
Example Configuration
resource "aws_subnet" "my_subnet" {
vpc_id = aws_vpc.my_vpc2.id
cidr_block = "172.16.10.0/24"
availability_zone = "us-west-2a"
map_public_ip_on_launch = false
tags = {
Name = "tf-example"
}
}
Set Properties.MapPublicIpOnLaunch attribute with value true.