This rule ensures VPC subnets do not automatically assign public IPs, enhancing cybersecurity controls.
Rule | VPC subnet auto assign public IP should be disabled |
Framework | Federal Financial Institutions Examination Council (FFIEC) |
Severity | ✔ Medium |
Rule Description
Under the Federal Financial Institutions Examination Council (FFIEC) framework, automatic assignment of public IP addresses should be disabled on VPC subnets to comply with security regulations and safeguard sensitive financial data. With auto-assignment disabled, instances launched in the subnet receive only private IP addresses by default.
Impact of Non-Compliance
Failing to disable the auto-assignment of public IP addresses can expose FFIEC's network infrastructure and sensitive financial information to potential security risks and unauthorized access. It may also violate regulatory requirements imposed on financial institutions, which could result in penalties and reputational damage.
Troubleshooting Steps (if applicable)
Remediation
Follow the step-by-step instructions for remediation:
Once the changes are saved, any new instances launched within the modified subnet will no longer be assigned public IP addresses automatically.
NOTE: Existing instances within the subnet will retain their previously assigned public IP addresses. To ensure compliance, review the instances launched in these subnets and make appropriate adjustments by assigning Elastic IP addresses or modifying their network configuration if necessary.
CLI Command
If you prefer using the AWS Command Line Interface (CLI) for the remediation steps, you can execute the following command:
aws ec2 modify-subnet-attribute --subnet-id <subnet-id> --no-map-public-ip-on-launch
Make sure to replace <subnet-id> with the ID of the actual subnet that requires modification. Remember to repeat this command for all affected subnets within the VPC.
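To repeat the command across every affected subnet in a VPC and follow up on the NOTE about existing instances, the steps can be scripted. This is an added example, not part of the original rule text; the script name is hypothetical, and it assumes the AWS CLI is configured with permission to describe subnets and instances and to modify subnet attributes.

```shell
#!/bin/sh
# Added example, not from the original page. Requires the AWS CLI and credentials
# allowed to call ec2:DescribeSubnets, ec2:ModifySubnetAttribute, ec2:DescribeInstances.
set -eu

# IDs of subnets in VPC $1 that still auto-assign public IPv4 addresses.
flagged_subnets() {
  aws ec2 describe-subnets \
    --filters "Name=vpc-id,Values=$1" \
    --query 'Subnets[?MapPublicIpOnLaunch==`true`].SubnetId' --output text
}

# "instance-id <TAB> public-ip" for instances in subnet $1 that already hold a public IP.
public_instances() {
  aws ec2 describe-instances \
    --filters "Name=subnet-id,Values=$1" \
    --query 'Reservations[].Instances[] | [?PublicIpAddress].[InstanceId,PublicIpAddress]' \
    --output text
}

# Disable the attribute on every flagged subnet, verify it, and report leftovers.
remediate_vpc() {
  rv_rc=0
  for rv_subnet in $(flagged_subnets "$1"); do
    aws ec2 modify-subnet-attribute --subnet-id "$rv_subnet" --no-map-public-ip-on-launch
    # Read the attribute back instead of trusting the exit status alone.
    rv_state=$(aws ec2 describe-subnets --subnet-ids "$rv_subnet" \
      --query 'Subnets[0].MapPublicIpOnLaunch' --output text)
    if [ "$rv_state" = "False" ]; then
      echo "FIXED $rv_subnet"
    else
      echo "FAILED $rv_subnet"; rv_rc=1
    fi
    # Instances launched earlier keep their public IPs; list them for manual review.
    public_instances "$rv_subnet" | sed "s/^/REVIEW $rv_subnet /"
  done
  return "$rv_rc"
}

# Usage (hypothetical file name): ./disable-auto-public-ip.sh <vpc-id>
# Does nothing when no VPC ID is given.
if [ "$#" -gt 0 ]; then remediate_vpc "$1"; fi
```

Each `REVIEW` line names an instance that still has a public IP and needs the manual follow-up described in the NOTE above.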
Conclusion
Disabling the auto-assignment of public IP addresses for the specified subnets in FFIEC's VPC ensures compliance with security regulations and protects sensitive financial data. By following the provided remediation steps, you can mitigate potential security risks and maintain regulatory compliance.