Address source/destination check is disabled on the instance Affecting EC2 service in AWS

Severity Framework Snyk CCSS

Rule category Network / Settings

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

Snyk ID SNYK-CC-00705
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Instances should send and receive traffic with their own IP address only. Disabling this check allows the instance to spoof other devices on the local network or intercept traffic. Ignore this issue if you are deploying a NAT instance which requires this setting to be disabled.

How to fix?

Set the instance source_dest_check attribute to true.

Example Configuration

resource "aws_instance" "allowed" {
  ami               = "ami-005e54dee72ccabcd"
  instance_type     = "t2.micro"
  source_dest_check = true
}

Terraform

Resource: aws_instance

References

Disable source/destination checks