
VPC Subnet Auto Assign Public IP Disabled Rule

This rule ensures VPC subnets do not automatically assign public IPs, enhancing cybersecurity controls.

Rule: VPC subnet auto assign public IP should be disabled
Framework: Federal Financial Institutions Examination Council (FFIEC)
Severity: Medium

Rule Description

Auto-assignment of public IPs on VPC subnets should be disabled to comply with Federal Financial Institutions Examination Council (FFIEC) security regulations and safeguard sensitive financial data. Disabling the auto-assignment of public IPv4 addresses on a subnet ensures that every new instance launched into that subnet receives only a private IP address unless a public address is explicitly requested.

Impact of Non-Compliance

Failing to disable the auto-assignment of public IP addresses can expose an FFIEC-regulated institution's network infrastructure and sensitive financial information to security risks and unauthorized access, because instances become reachable from the internet by default rather than by deliberate choice. It may also violate regulatory requirements imposed on financial institutions, which could result in penalties and reputational damage.

Troubleshooting Steps (if applicable)

  1. Identify the VPC in which the affected subnets reside.
  2. Determine the subnets within the VPC that currently have auto-assign public IP enabled.
  3. Review the instances launched in the affected subnets to identify any instances relying on public IP addresses.
  4. Modify the subnet configuration to disable auto-assign public IP for each affected subnet.

Remediation

Follow the step-by-step instructions for remediation:

  1. Log in to the AWS Management Console.
  2. Navigate to the Amazon VPC service.
  3. Select the VPC that hosts the subnets requiring modification.
  4. In the VPC Dashboard, click on "Subnets" in the left navigation pane.
  5. Identify the subnets that have auto-assign public IP enabled.
  6. Select the subnet that is applicable to the FFIEC compliance requirement.
  7. Click on the "Actions" button at the top of the subnet list.
  8. From the dropdown menu, select "Modify auto-assign IP settings."
  9. In the "Modify auto-assign IP settings" dialog box, uncheck the "Auto-assign Public IPv4 address" option.
  10. Click on the "Save" button to apply the changes.

Once the changes are saved, any new instances launched within the modified subnet will no longer be assigned public IP addresses automatically.

NOTE: Existing instances within the subnet will retain their previously assigned public IP addresses. To ensure compliance, review the instances launched in these subnets and make appropriate adjustments by assigning Elastic IP addresses or modifying their network configuration if necessary.

CLI Command

If you prefer using the AWS Command Line Interface (CLI) for the remediation steps, you can execute the following command:

aws ec2 modify-subnet-attribute --subnet-id <subnet-id> --no-map-public-ip-on-launch

Make sure to replace <subnet-id> with the ID of the actual subnet that requires modification.

Remember to repeat this command for all affected subnets within the VPC.
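The troubleshooting steps above (find the subnets in a VPC that auto-assign public IPs, list the instances that currently hold a public address, then disable the setting) and the CLI remediation can be chained into one script. The following is an added example and not part of Cloud Defense's page or tooling; it assumes the AWS CLI is installed with credentials that allow ec2:DescribeSubnets, ec2:DescribeInstances and ec2:ModifySubnetAttribute, and the VPC ID in the usage comment is a placeholder. The filter is kept as a separate function that reads the text output shape of `describe-subnets` so it can be checked against constructed input without touching an AWS account.

```shell
#!/bin/sh
# Added example (not the page's own code). Assumes AWS CLI + credentials in the
# environment; all subnet/VPC/instance IDs below are placeholders.

# Pure filter: reads "SubnetId<TAB>MapPublicIpOnLaunch" lines, which is what
#   --query 'Subnets[].[SubnetId,MapPublicIpOnLaunch]' --output text
# produces, and prints only the IDs of subnets that auto-assign public IPv4.
filter_noncompliant() {
  awk -F '\t' 'tolower($2) == "true" { print $1 }'
}

# Troubleshooting step 2: subnets in one VPC with auto-assign public IP enabled.
list_noncompliant_subnets() {
  vpc_id="$1"
  aws ec2 describe-subnets \
    --filters "Name=vpc-id,Values=$vpc_id" \
    --query 'Subnets[].[SubnetId,MapPublicIpOnLaunch]' \
    --output text | filter_noncompliant
}

# Troubleshooting step 3: instances in a subnet that already hold a public IPv4.
# These keep their address after remediation (see the NOTE above), so they are
# printed for manual review rather than changed here.
list_instances_with_public_ip() {
  subnet_id="$1"
  aws ec2 describe-instances \
    --filters "Name=subnet-id,Values=$subnet_id" \
    --query 'Reservations[].Instances[?PublicIpAddress!=null].[InstanceId,PublicIpAddress]' \
    --output text
}

# Troubleshooting step 4 / CLI remediation: the same call as the page's command.
disable_auto_assign() {
  aws ec2 modify-subnet-attribute --subnet-id "$1" --no-map-public-ip-on-launch
}

# Run the whole procedure for every affected subnet in the VPC.
remediate_vpc() {
  vpc_id="$1"
  list_noncompliant_subnets "$vpc_id" | while IFS= read -r subnet_id; do
    echo "== $subnet_id: auto-assign public IPv4 is enabled; instances holding a public IP:"
    list_instances_with_public_ip "$subnet_id" </dev/null
    disable_auto_assign "$subnet_id" </dev/null
    echo "== $subnet_id: auto-assign public IPv4 disabled"
  done
}

# Usage (placeholder VPC ID):
#   remediate_vpc vpc-0123456789abcdef0
```

The `describe-subnets` call is what to re-run afterwards as the compliance check: an empty result from `list_noncompliant_subnets` means no subnet in that VPC will hand out public IPv4 addresses at launch.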

Conclusion

Disabling the auto-assignment of public IP addresses for the specified subnets in a VPC subject to FFIEC requirements supports compliance with security regulations and protects sensitive financial data. By following the provided remediation steps, and by reviewing existing instances that already hold public addresses, you can mitigate potential security risks and maintain regulatory compliance.
