WorkSpaces is assigned public IP
Affecting WorkSpaces service in AWS


Severity: medium
Severity Framework: Snyk CCSS
Rule category: Network / Public Access

Frameworks
  • Snyk ID: SNYK-CC-00768
  • Credit: Snyk Research Team

Description

Assigning public IP addresses to AWS WorkSpaces can expose them to potential external threats, increasing the risk of unauthorized access and data breaches. WorkSpaces should be placed behind a virtual private network to limit public exposure and enhance security.

How to fix?

Set the rules.source attribute of every rules block in the aws_workspaces_ip_group resource to a valid private IP range.

Example configuration:

resource "aws_workspaces_ip_group" "allowed-1" {
  name = "allowed-1"
  rules {
    source      = "10.0.14.0/24"
    description = "NY"
  }
  rules {
    source      = "172.16.14.0/32"
    description = "LA"
  }
}

resource "aws_workspaces_ip_group" "allowed-2" {
  name = "allowed-2"
  rules {
    source      = "192.168.14.0/24"
    description = "NV"
  }
}
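
One way to enforce this fix before apply, as an added example that is not part of the original rule or Snyk's own check: the script below scans the JSON form of a Terraform plan (terraform show -json) and reports every aws_workspaces_ip_group rule whose source is not fully inside a private range. It assumes "private" means the RFC 1918 IPv4 ranges used in the configuration above; the function names and the sample plan are constructed for illustration.

```python
import ipaddress
import json
import sys

# Assumption: "private" = RFC 1918 IPv4 space, matching the page's example CIDRs.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private_cidr(source):
    """True only if the whole CIDR sits inside a single RFC 1918 range."""
    try:
        net = ipaddress.ip_network(source, strict=False)
    except ValueError:
        return False  # unparsable input is reported as a finding
    return net.version == 4 and any(net.subnet_of(r) for r in RFC1918)


def find_public_sources(plan):
    """Return (resource address, source) pairs that violate the rule."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_workspaces_ip_group":
            continue
        # "after" is null for resources that the plan destroys.
        after = (rc.get("change") or {}).get("after") or {}
        for rule in after.get("rules") or []:
            src = rule.get("source", "")
            if not is_private_cidr(src):
                findings.append((rc["address"], src))
    return findings


# Constructed sample in the shape of `terraform show -json` output.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_workspaces_ip_group.allowed-1",
     "type": "aws_workspaces_ip_group",
     "change": {"after": {"rules": [{"source": "10.0.14.0/24"},
                                    {"source": "172.16.14.0/32"}]}}},
    {"address": "aws_workspaces_ip_group.open",
     "type": "aws_workspaces_ip_group",
     "change": {"after": {"rules": [{"source": "0.0.0.0/0"},
                                    {"source": "172.16.0.0/11"}]}}},
]}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for address, source in find_public_sources(plan):
        print(f"{address}: rules.source {source!r} is not a private range")
```

The 172.16.0.0/11 entry is flagged because it starts in private space but extends past 172.16.0.0/12, which a simple prefix match on the string would miss.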