
Rule: VPC Subnet Auto Assign Public IP Should Be Disabled

This rule ensures that VPC subnets do not automatically assign public IPs, enhancing security.

Rule: VPC subnet auto assign public IP should be disabled
Framework: CISA-cyber-essentials
Severity: Medium

Rule Description:

The VPC subnet auto assignment of public IP addresses should be disabled for compliance with CISA Cyber Essentials.

Rule Details:

The rule requires that the automatic assignment of public IP addresses to subnets within an Amazon Virtual Private Cloud (VPC) be disabled. This setting ensures that resources deployed within the subnet are not directly accessible from the internet unless explicitly configured to do so.

Troubleshooting Steps:

There are no specific troubleshooting steps for this rule, since it concerns a configuration setting rather than a runtime fault. If connectivity problems arise after disabling auto-assign public IP, review the associated security group rules and network access control lists (ACLs) to confirm that the intended access is still permitted.

Necessary Codes:

There is no application code associated with this rule. The setting is controlled in the Amazon VPC console or through AWS Command Line Interface (CLI) commands.

Remediation Steps:

Follow these step-by-step instructions to disable the automatic assignment of public IP addresses for a subnet within an Amazon VPC using the AWS CLI:

  1. Open the AWS Command Line Interface or a terminal window.

  2. Run the following command to retrieve the information for the desired subnet:

     aws ec2 describe-subnets --query "Subnets[?VpcId=='your-vpc-id']"

     Replace your-vpc-id with the actual ID of your VPC.

  3. Identify the subnet ID for which you want to disable auto-assign public IP.

  4. Run the following command to modify the subnet attribute:

     aws ec2 modify-subnet-attribute --subnet-id your-subnet-id --no-map-public-ip-on-launch

     Replace your-subnet-id with the actual ID of the subnet you want to modify.

  5. Verify the change by running the following command and confirming that the MapPublicIpOnLaunch attribute is set to false:

     aws ec2 describe-subnets --query "Subnets[?SubnetId=='your-subnet-id'].MapPublicIpOnLaunch"

     Replace your-subnet-id with the actual ID of the modified subnet.

Following these steps will disable the automatic assignment of public IP addresses for the desired subnet within the VPC, meeting the requirements of the CISA Cyber Essentials policy.
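The steps above handle one subnet at a time. The following script is an added example (not part of this rule page or the vendor's tooling) that audits the JSON output of aws ec2 describe-subnets for every subnet with MapPublicIpOnLaunch set to true and emits the corresponding modify-subnet-attribute command for each; the subnet and VPC IDs in the embedded sample are constructed placeholders.

```python
import json
import subprocess
from typing import List, Optional

# Constructed sample of `aws ec2 describe-subnets --output json` output.
# IDs are placeholders, not real resources.
SAMPLE_DESCRIBE_SUBNETS = json.dumps({
    "Subnets": [
        {"SubnetId": "subnet-0aaa11111111aaaaa", "VpcId": "vpc-0123456789abcdef0",
         "CidrBlock": "10.0.0.0/24", "MapPublicIpOnLaunch": True},
        {"SubnetId": "subnet-0bbb22222222bbbbb", "VpcId": "vpc-0123456789abcdef0",
         "CidrBlock": "10.0.1.0/24", "MapPublicIpOnLaunch": False},
        {"SubnetId": "subnet-0ccc33333333ccccc", "VpcId": "vpc-0fedcba9876543210",
         "CidrBlock": "10.1.0.0/24", "MapPublicIpOnLaunch": True},
    ]
})


def noncompliant_subnets(describe_json: str, vpc_id: Optional[str] = None) -> List[str]:
    """Return subnet IDs whose MapPublicIpOnLaunch is true (the rule's failing state).

    An optional vpc_id restricts the audit to one VPC, like the --query filter above.
    """
    subnets = json.loads(describe_json).get("Subnets", [])
    return sorted(
        s["SubnetId"]
        for s in subnets
        if s.get("MapPublicIpOnLaunch") is True
        and (vpc_id is None or s.get("VpcId") == vpc_id)
    )


def remediation_commands(subnet_ids: List[str]) -> List[str]:
    """Build the remediation command from step 4, one per non-compliant subnet."""
    return [
        f"aws ec2 modify-subnet-attribute --subnet-id {sid} --no-map-public-ip-on-launch"
        for sid in subnet_ids
    ]


def fetch_describe_subnets() -> str:
    """Live variant: run the AWS CLI (needs credentials; not called in the offline demo)."""
    result = subprocess.run(["aws", "ec2", "describe-subnets", "--output", "json"],
                            check=True, capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    # Offline demo: audit the constructed sample and print, rather than run, the fixes.
    failing = noncompliant_subnets(SAMPLE_DESCRIBE_SUBNETS)
    print("non-compliant subnets:", failing)
    for cmd in remediation_commands(failing):
        print(cmd)
```

Review the printed commands before running them, since a subnet that intentionally hosts internet-facing resources may need its public IP assignment handled explicitly rather than globally disabled.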
