This rule ensures that VPC subnets do not automatically assign public IP addresses to instances.
| Field | Value |
|---|---|
| Rule | VPC subnet auto assign public IP should be disabled |
| Framework | FedRAMP Moderate Revision 4 |
| Severity | Medium |
Rule/Policy Description:
Under FedRAMP Moderate Revision 4, the auto-assign public IP setting on VPC subnets should be disabled. This rule exists to keep the environment in line with the FedRAMP Moderate security requirements: disabling auto-assignment of public IP addresses on VPC subnets keeps network access under explicit control and minimizes exposure to the public internet.
When auto-assign public IP is enabled on a subnet, every instance launched into it receives an internet-reachable address by default, which widens the exposed surface and raises the risk of unauthorized access. The feature should therefore be disabled to meet the security standards mandated by FedRAMP.
Troubleshooting Steps (if applicable):
If you encounter issues while disabling auto-assign public IP for VPC subnets, the following steps can help with troubleshooting:
- Verify IAM permissions: ensure that the user or role attempting to modify the subnet settings has sufficient permissions to make the change.
- Check the VPC subnet configuration: confirm that the auto-assign public IP feature is actually enabled on the subnet in question.
- Review logs: analyze the relevant logs or event messages for error or warning messages that point to the cause of the problem.
- Consult AWS Support: if the issue persists or you are unable to resolve it, contact AWS Support for further assistance.
Necessary Codes (if applicable):
There are no specific codes associated with this rule; the configuration settings for the affected VPC subnets need to be adjusted manually, as described below.
Step-by-Step Guide for Remediation:
The following steps disable the auto-assign public IP feature for a VPC subnet:
1. Open the AWS Management Console and navigate to the Amazon VPC service.
2. Select the VPC that needs to be modified and choose "Subnets" from the left-hand menu.
3. Identify the specific subnet for which you want to disable auto-assign public IP.
4. Select the checkbox next to the desired subnet and click the "Actions" button at the top.
5. From the dropdown menu, choose "Modify Auto-Assign IP Settings."
6. In the "Modify Auto-Assign IP Settings" dialog box, uncheck the "Auto-assign Public IPv4 address" option.
7. Click the "Save" button to apply the change.
8. Validate the change by reviewing the subnet details and confirming that auto-assign public IP is now disabled.
9. Repeat the above steps for any other VPC subnets where this feature needs to be disabled.
Note: It is crucial to test the connectivity of resources within the VPC after making this change to ensure that critical services are not disrupted.
Following the above steps disables the auto-assign public IP feature on the affected VPC subnets, bringing them into conformance with the FedRAMP Moderate Revision 4 guideline.
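The "Check VPC Subnet Configuration" troubleshooting step and the remediation procedure above can both be driven from code rather than the console. The following is an added example written for this page; it is not code from the original rule page or from AWS. The finding logic operates on the plain dictionary shape that the EC2 DescribeSubnets API returns, so it runs offline against the constructed sample below (all subnet and VPC IDs are made up). The live helpers use boto3 and assume credentials with the ec2:DescribeSubnets and ec2:ModifySubnetAttribute permissions; `--live` and `--fix` are command-line flags this example defines for itself.

```python
"""Find VPC subnets that auto-assign public IPv4 addresses and (optionally) fix them.

Added example, not part of the original rule page. The subnet attribute behind the
console's "Auto-assign public IPv4 address" checkbox is MapPublicIpOnLaunch.
"""
from typing import Dict, Iterable, List

# Constructed sample shaped like a DescribeSubnets response; the IDs are invented.
SAMPLE_DESCRIBE_SUBNETS: Dict = {
    "Subnets": [
        {
            "SubnetId": "subnet-0example0000000aaa",
            "VpcId": "vpc-0example00000001",
            "CidrBlock": "10.0.1.0/24",
            "MapPublicIpOnLaunch": True,   # non-compliant
            "Tags": [{"Key": "Name", "Value": "app-a"}],
        },
        {
            "SubnetId": "subnet-0example0000000bbb",
            "VpcId": "vpc-0example00000001",
            "CidrBlock": "10.0.2.0/24",
            "MapPublicIpOnLaunch": False,  # compliant
        },
        {
            "SubnetId": "subnet-0example0000000ccc",
            "VpcId": "vpc-0example00000002",
            "CidrBlock": "10.1.1.0/24",
            "MapPublicIpOnLaunch": True,   # non-compliant
        },
    ]
}


def evaluate_subnet(subnet: Dict) -> Dict:
    """Return one finding: 'alarm' if the subnet auto-assigns public IPv4, else 'ok'.

    A missing MapPublicIpOnLaunch key is treated as False (not auto-assigning).
    """
    auto_public = bool(subnet.get("MapPublicIpOnLaunch", False))
    return {
        "subnet_id": subnet["SubnetId"],
        "vpc_id": subnet.get("VpcId", ""),
        "status": "alarm" if auto_public else "ok",
        "reason": "{} {} public IPv4 addresses on launch.".format(
            subnet["SubnetId"],
            "auto-assigns" if auto_public else "does not auto-assign",
        ),
    }


def evaluate_subnets(subnets: Iterable[Dict]) -> List[Dict]:
    """Evaluate every subnet in a DescribeSubnets 'Subnets' list."""
    return [evaluate_subnet(s) for s in subnets]


def noncompliant_subnet_ids(subnets: Iterable[Dict]) -> List[str]:
    """IDs of subnets that violate the rule, in the order they were listed."""
    return [f["subnet_id"] for f in evaluate_subnets(subnets) if f["status"] == "alarm"]


def list_subnets(ec2_client) -> List[Dict]:
    """Live call: page through DescribeSubnets for the client's region."""
    paginator = ec2_client.get_paginator("describe_subnets")
    return [s for page in paginator.paginate() for s in page["Subnets"]]


def remediate(ec2_client, subnet_ids: Iterable[str], dry_run: bool = True) -> List[str]:
    """Clear MapPublicIpOnLaunch on each subnet; return the IDs acted on.

    With dry_run=True nothing is modified and the client is never touched, which is
    why the flag lives here: ModifySubnetAttribute itself has no DryRun parameter.
    """
    changed: List[str] = []
    for sid in subnet_ids:
        if not dry_run:
            ec2_client.modify_subnet_attribute(
                SubnetId=sid, MapPublicIpOnLaunch={"Value": False}
            )
        changed.append(sid)
    return changed


if __name__ == "__main__":
    import sys

    # Offline demonstration on the constructed sample.
    for finding in evaluate_subnets(SAMPLE_DESCRIBE_SUBNETS["Subnets"]):
        print(f"{finding['status']:5} {finding['reason']}")

    # Live run against one region: `python this_file.py --live` reports only;
    # add `--fix` to actually clear the attribute (flags defined by this example).
    if "--live" in sys.argv:
        import boto3  # assumed installed and configured with credentials

        ec2 = boto3.client("ec2")
        bad = noncompliant_subnet_ids(list_subnets(ec2))
        fixing = "--fix" in sys.argv
        for sid in remediate(ec2, bad, dry_run=not fixing):
            print("remediated" if fixing else "would remediate", sid)
```

Two caveats worth keeping in mind when using this. Subnets are regional, so the live check has to be run once per region the account uses. Clearing the subnet attribute only changes the default for future launches: instances that already hold a public IPv4 address keep it, and a launch that explicitly requests a public address on its network interface still gets one, so the change should be paired with the connectivity testing the note above recommends and with a review of launch templates that set their own addressing.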