[EC2.9]
EC2 instances should not have a public IP address
Description
All EC2 instances should have only a private IP address. This control only applies to IPv4 addresses. If an instance has a public IP address, it is reachable from the internet. Private IP addresses minimise the risk of unauthorized entry. To make this rule COMPLIANT, instances must be assigned only a private IP address, with no public IP address.
Details
| Property | Value | 
|---|---|
| Category | Protect > Secure network configuration > Public IP addresses | 
| Compliance Control ID | EC2.9 |  
| FortifyFox ID | FF100029 |  
| Link | EC2.9 Compliance | 
| Resource Type(s) | AWS::EC2::Instance |  
| Severity | High | 
Remediation
Use the following CloudFormation templates to deploy an EC2 instance compliant with EC2.9.
YAML Template
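Resources:
  ec2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: REPLACE_WITH_AMI_ID             # placeholder: your AMI ID
      NetworkInterfaces:
        - DeviceIndex: "0"                     # required; 0 is the primary interface
          SubnetId: REPLACE_WITH_SUBNET_ID     # placeholder: your subnet ID
          AssociatePublicIpAddress: false      # do not assign a public IPv4 address at launch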
JSON Template
{
  "Resources": {
    "ec2Instance": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "ImageId": "REPLACE_WITH_AMI_ID",
        "NetworkInterfaces": [
          {
            "DeviceIndex": "0",
            "SubnetId": "REPLACE_WITH_SUBNET_ID",
            "AssociatePublicIpAddress": false
          }
        ]
      }
    }
  }
}
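To check instances that are already running against this control, the sketch below (an added example, not FortifyFox or AWS code) evaluates JSON in the shape returned by `aws ec2 describe-instances` and lists every public IPv4 address per instance, including Elastic IPs mapped to secondary interfaces. The instance IDs and addresses in the sample are constructed, and the function names are assumptions for illustration.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-instances` output (not real data).
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0000000000000000a", "PrivateIpAddress": "10.0.1.10",
   "NetworkInterfaces": [{"PrivateIpAddresses": [{"PrivateIpAddress": "10.0.1.10"}]}]},
  {"InstanceId": "i-0000000000000000b", "PrivateIpAddress": "10.0.1.11",
   "PublicIpAddress": "203.0.113.10",
   "NetworkInterfaces": [{"Association": {"PublicIp": "203.0.113.10"},
     "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.1.11",
                             "Association": {"PublicIp": "203.0.113.10"}}]}]},
  {"InstanceId": "i-0000000000000000c", "PrivateIpAddress": "10.0.1.12",
   "NetworkInterfaces": [
     {"PrivateIpAddresses": [{"PrivateIpAddress": "10.0.1.12"}]},
     {"PrivateIpAddresses": [{"PrivateIpAddress": "10.0.2.12",
                              "Association": {"PublicIp": "198.51.100.7"}}]}]}
]}]}
""")


def public_ipv4s(instance):
    """Return every public IPv4 address attached to one instance record."""
    found = set()
    if instance.get("PublicIpAddress"):
        found.add(instance["PublicIpAddress"])
    for eni in instance.get("NetworkInterfaces", []):
        # Interface-level association (auto-assigned address or Elastic IP).
        if eni.get("Association", {}).get("PublicIp"):
            found.add(eni["Association"]["PublicIp"])
        # Elastic IPs can also be associated with secondary private addresses.
        for addr in eni.get("PrivateIpAddresses", []):
            if addr.get("Association", {}).get("PublicIp"):
                found.add(addr["Association"]["PublicIp"])
    return sorted(found)


def evaluate(describe_instances_response):
    """Map instance ID -> public IPv4 list; an empty list means COMPLIANT for EC2.9."""
    results = {}
    for reservation in describe_instances_response.get("Reservations", []):
        for instance in reservation.get("Instances", []):
            results[instance["InstanceId"]] = public_ipv4s(instance)
    return results


if __name__ == "__main__":
    for instance_id, ips in evaluate(SAMPLE).items():
        print(instance_id, "NON_COMPLIANT " + ",".join(ips) if ips else "COMPLIANT")
```

The third sample instance has no address on its primary interface but an Elastic IP on a second one, which a check of the top-level `PublicIpAddress` field alone would miss.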