[EC2.15]
EC2 subnets should not automatically assign public IP addresses
Description
Automatic assignment of public IP addresses should be disabled on Amazon VPC (Virtual Private Cloud) subnets. To make this rule COMPLIANT, you must set the subnet's MapPublicIpOnLaunch attribute to False.
Details
| Property | Value | 
|---|---|
| Category | Protect > Network security | 
| Compliance Control ID | EC2.15 | 
| FortifyFox ID | FF100030 | 
| Link | EC2.15 Compliance | 
| Resource Type(s) | AWS::EC2::Subnet | 
| Severity | Medium | 
Remediation
Use the following CloudFormation templates to disable automatic assignment of public IP addresses on the subnet and comply with EC2.15.
YAML Template
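```yaml
Resources:
  ec2Subnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: YOUR_VPC_ID
      # A subnet also needs an address range; replace with your subnet's CIDR block.
      CidrBlock: YOUR_SUBNET_CIDR
      # Instances launched in this subnet do not receive a public IPv4 address.
      MapPublicIpOnLaunch: False
```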
JSON Template
```json
{
  "Resources": {
    "ec2Subnet": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "VpcId": "YOUR_VPC_ID",
        "CidrBlock": "YOUR_SUBNET_CIDR",
        "MapPublicIpOnLaunch": false
      }
    }
  }
}
```
📓 Notes: You will need to replace YOUR_VPC_ID with the ID of your VPC.
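A pre-deployment check for this rule, as an added example (not FortifyFox or AWS code): it reads a JSON CloudFormation template and reports the EC2.15 status of every AWS::EC2::Subnet resource. The function names, the verdict labels and the sample template are assumptions made for illustration.

```python
import json

SUBNET_TYPE = "AWS::EC2::Subnet"

def classify(value):
    """Map a MapPublicIpOnLaunch value to a verdict for EC2.15."""
    if value is None:
        # Property omitted: CloudFormation defaults MapPublicIpOnLaunch to false.
        return "COMPLIANT"
    if isinstance(value, str) and value.strip().lower() in ("true", "false"):
        # Boolean properties may also be written as the strings "true"/"false".
        value = value.strip().lower() == "true"
    if isinstance(value, bool):
        return "NON_COMPLIANT" if value else "COMPLIANT"
    # Ref, Fn::If and other intrinsics are only resolved at deploy time.
    return "NEEDS_REVIEW"

def check_template(template_text):
    """Return {logical_id: verdict} for every subnet in a JSON template."""
    resources = json.loads(template_text).get("Resources", {})
    return {
        name: classify(res.get("Properties", {}).get("MapPublicIpOnLaunch"))
        for name, res in resources.items()
        if res.get("Type") == SUBNET_TYPE
    }

# Constructed sample template (not from the page); IDs and CIDRs are placeholders.
SAMPLE = json.dumps({
    "Parameters": {"AssignPublicIp": {"Type": "String", "Default": "false"}},
    "Resources": {
        "Vpc": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16"}},
        "PrivateSubnet": {"Type": "AWS::EC2::Subnet", "Properties": {
            "VpcId": {"Ref": "Vpc"}, "CidrBlock": "10.0.1.0/24",
            "MapPublicIpOnLaunch": False}},
        "PublicSubnet": {"Type": "AWS::EC2::Subnet", "Properties": {
            "VpcId": {"Ref": "Vpc"}, "CidrBlock": "10.0.2.0/24",
            "MapPublicIpOnLaunch": True}},
        "DefaultSubnet": {"Type": "AWS::EC2::Subnet", "Properties": {
            "VpcId": {"Ref": "Vpc"}, "CidrBlock": "10.0.3.0/24"}},
        "StringSubnet": {"Type": "AWS::EC2::Subnet", "Properties": {
            "VpcId": {"Ref": "Vpc"}, "CidrBlock": "10.0.4.0/24",
            "MapPublicIpOnLaunch": "True"}},
        "ParamSubnet": {"Type": "AWS::EC2::Subnet", "Properties": {
            "VpcId": {"Ref": "Vpc"}, "CidrBlock": "10.0.5.0/24",
            "MapPublicIpOnLaunch": {"Ref": "AssignPublicIp"}}},
    },
})

if __name__ == "__main__":
    for name, verdict in check_template(SAMPLE).items():
        print(f"{name}: {verdict}")
```

A subnet whose value comes from a parameter is reported as NEEDS_REVIEW rather than judged on the parameter's default, because the default can be overridden when the stack is deployed.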