This rule requires that EC2 instances have no public IP address assigned, so that they are not directly reachable from the internet.
Rule | EC2 instances should not have a public IP address |
Framework | FedRAMP Low Revision 4 |
Severity | ✔ High |
Rule Description:
EC2 instances that are part of the FedRAMP Low environment should not have a public IP address. A public IP address introduces security risk by allowing direct access to the instance from the internet.
Troubleshooting Steps:
If an EC2 instance has a public IP address in the FedRAMP Low environment, follow these steps to troubleshoot and remediate the issue:
Remediation Steps:
To remove the public IP address from an EC2 instance in the FedRAMP Low environment, follow these steps:
Code:
There is no specific code required to remove the public IP address from an EC2 instance. The remediation steps can be performed through the AWS Management Console.
Note: If you prefer using the AWS Command Line Interface (CLI), you can use the following command to disassociate the public IP address:
aws ec2 disassociate-address --public-ip <public_ip_address>
Replace <public_ip_address> with the public IP address associated with the EC2 instance.
Additional Recommendations:
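One way to check this rule, as an added example that is not part of the original page: the function below walks JSON in the shape produced by `aws ec2 describe-instances` and reports every public IP, separating Elastic IPs, which the `disassociate-address` command above operates on, from auto-assigned addresses. The sample data is constructed, and treating an `IpOwnerId` of `amazon` as the marker for an auto-assigned address is an assumption.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-instances` output.
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaa0000000000001", "NetworkInterfaces": [
    {"NetworkInterfaceId": "eni-0aaa0000000000001",
     "Association": {"PublicIp": "203.0.113.10", "IpOwnerId": "amazon"}}]},
  {"InstanceId": "i-0bbb0000000000002", "NetworkInterfaces": [
    {"NetworkInterfaceId": "eni-0bbb0000000000002",
     "Association": {"PublicIp": "198.51.100.7", "IpOwnerId": "111122223333"}}]},
  {"InstanceId": "i-0ccc0000000000003", "NetworkInterfaces": [
    {"NetworkInterfaceId": "eni-0ccc0000000000003"}]}
]}]}
""")

def find_public_ips(describe_output):
    """Return one finding per public IP attached to any instance interface."""
    findings = []
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            for eni in inst.get("NetworkInterfaces", []):
                # Associations can sit on the ENI and on each private address;
                # collect both and de-duplicate by public IP.
                assocs = [eni.get("Association")]
                assocs += [p.get("Association") for p in eni.get("PrivateIpAddresses", [])]
                seen = set()
                for a in assocs:
                    ip = (a or {}).get("PublicIp")
                    if not ip or ip in seen:
                        continue
                    seen.add(ip)
                    # Assumption: IpOwnerId "amazon" marks an auto-assigned
                    # address, any other owner an Elastic IP.
                    kind = "auto-assigned" if a.get("IpOwnerId") == "amazon" else "elastic"
                    findings.append({"instance": inst["InstanceId"],
                                     "eni": eni.get("NetworkInterfaceId"),
                                     "public_ip": ip, "kind": kind})
    return findings

if __name__ == "__main__":
    for f in find_public_ips(SAMPLE):
        # disassociate-address operates on Elastic IPs only.
        fix = ("aws ec2 disassociate-address" if f["kind"] == "elastic"
               else "not an Elastic IP; disassociate-address does not apply")
        print(f"FAIL {f['instance']} {f['eni']} {f['public_ip']} ({f['kind']}): {fix}")
```

An empty result means no instance in the input violates the rule; any finding is a failure to remediate.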