This rule ensures that VPC subnets do not automatically assign public IP addresses, enhancing network security.
Rule | VPC subnet auto assign public IP should be disabled |
Framework | FedRAMP Low Revision 4 |
Severity | ✔ Medium |
Rule Description
The VPC subnet auto assign public IP feature should be disabled for FedRAMP Low Revision 4 compliance. This rule ensures that instances within the Amazon Virtual Private Cloud (VPC) do not automatically receive a public IP address. By disabling this feature, instances are only assigned a private IP address, thus reducing the attack surface and potential exposure to the public network.
Remediation Steps
To comply with the FedRAMP Low Revision 4 requirements, the VPC subnet auto assign public IP feature needs to be disabled. Below are step-by-step instructions to remediate this issue.
Step 1: Access the AWS Management Console
Log in to the AWS Management Console using appropriate credentials.
Step 2: Navigate to VPC Dashboard
Go to the VPC Dashboard by clicking on the "Services" dropdown and selecting "VPC" under the "Networking & Content Delivery" section.
Step 3: Select the VPC
In the VPC Dashboard, select the VPC that needs to be configured.
Step 4: Navigate to Subnets
Click on "Subnets" in the left navigation pane to view the list of subnets within the selected VPC.
Step 5: Select the desired Subnet
Identify the specific subnet where the VPC subnet auto assign public IP feature should be disabled.
Step 6: Modify Subnet Attributes
Right-click on the selected subnet and choose "Modify auto-assign IP settings" from the context menu.
Step 7: Disable Auto-Assign Public IP
In the "Modify auto-assign IP settings" window, uncheck the box for "Auto-assign public IPv4 address".
Step 8: Save Changes
Click on the "Save" button to apply the changes to the subnet.
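The same change can be scripted with the AWS CLI. The script below is an added example, not part of the original rule text: it lists the subnets in one VPC that still auto-assign public IPv4 addresses, disables the setting on each, and then re-checks the VPC. The function names and the report/apply modes are choices made for this example; the VPC ID is supplied by the caller.

```shell
#!/bin/sh
# Added example, not from the original page: AWS CLI equivalent of Steps 3-8.
# Usage: sh disable_auto_assign.sh <vpc-id> [report|apply]

# Steps 3-5: list subnets in the VPC whose MapPublicIpOnLaunch attribute is true.
list_auto_assign_subnets() {
  aws ec2 describe-subnets \
    --filters "Name=vpc-id,Values=$1" "Name=map-public-ip-on-launch,Values=true" \
    --query 'Subnets[].SubnetId' --output text | tr '\t' '\n' | sed '/^$/d'
}

# Steps 6-8: turn the attribute off on each flagged subnet.
# Mode "report" (default) only prints what would change; "apply" changes it.
disable_auto_assign() {
  daa_mode="${2:-report}"
  for daa_subnet in $(list_auto_assign_subnets "$1"); do
    if [ "$daa_mode" = "apply" ]; then
      aws ec2 modify-subnet-attribute --subnet-id "$daa_subnet" \
        --no-map-public-ip-on-launch || return 1
      echo "disabled $daa_subnet"
    else
      echo "would disable $daa_subnet"
    fi
  done
}

# Verification: succeeds only when no subnet in the VPC still auto-assigns.
vpc_is_compliant() {
  [ -z "$(list_auto_assign_subnets "$1")" ]
}

# Run only when a VPC ID is given on the command line.
if [ -n "${1:-}" ]; then
  disable_auto_assign "$1" "${2:-report}"
  vpc_is_compliant "$1" && echo "compliant: $1" || echo "non-compliant: $1"
fi
```

The subnet attribute only sets the default for new launches: instances that already hold an auto-assigned public IPv4 address keep it, and a launch request can still ask for a public IP explicitly. Review existing instances and launch templates separately.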
Troubleshooting Steps
There are no specific troubleshooting steps for this rule as it involves a straightforward configuration change. However, if there are any issues encountered during the process, ensure the following:
Please note that remediation steps might vary slightly depending on specific AWS regions or updates to the AWS Management Console UI, but the general process remains the same.