This rule ensures that VPC subnets do not automatically assign public IPs, enhancing security measures.
Rule | VPC subnet auto assign public IP should be disabled |
Framework | GxP 21 CFR Part 11 |
Severity | ✔ Medium |
Rule Description
The rule specifies that the VPC subnet auto assign public IP feature should be disabled for systems and resources that are required to comply with GxP 21 CFR Part 11 regulations.
Why the Rule is Important
In GxP-regulated environments, such as the healthcare and pharmaceutical industries, compliance with regulations is crucial to ensure data integrity, confidentiality, and overall system security. The auto assign public IP feature in VPC subnets may introduce security risks, because by default it assigns a public IP address to every resource or instance launched in the subnet. Disabling this feature helps to prevent unauthorized access to sensitive data and maintain compliance with GxP 21 CFR Part 11.
Troubleshooting Steps (if applicable)
Troubleshooting steps may not be applicable for this particular rule. However, if you encounter any issues related to the configuration, you can follow the remediation steps provided below.
Remediation Steps
To disable the VPC subnet auto assign public IP feature for a subnet, follow the step-by-step guide below:
1. Open the AWS Management Console and navigate to the Amazon VPC service.
2. Select the desired VPC where the subnet is located.
3. Within the VPC Dashboard, click on "Subnets" from the left-hand menu.
4. Identify the target subnet that needs to have the auto assign public IP feature disabled and select it.
5. Click on the "Actions" button and choose "Modify auto-assign IP settings" from the dropdown menu.
6. In the "Modify auto-assign IP settings" dialog box, uncheck the "Enable auto-assign public IPv4 address" option.
7. Click the "Save" button to save the changes.
8. Verify that the auto assign public IP feature has been disabled by checking the subnet's configuration details.
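The console steps above handle one subnet at a time. As an added example (not part of the original rule page), the shell functions below audit every subnet in the current region and profile, then apply and re-check the same change with the AWS CLI. The subnet and VPC IDs in the sample are constructed, and the function names and DRY_RUN variable are this example's own.

```shell
#!/bin/sh
# Added example: audit and remediation helpers for the subnet
# "auto-assign public IPv4" attribute (MapPublicIpOnLaunch).

# Constructed sample of the text the query in list_subnets prints:
# SubnetId <TAB> VpcId <TAB> MapPublicIpOnLaunch. IDs are made up.
SAMPLE_SUBNETS=$(printf '%s\t%s\t%s\n' \
  subnet-0aaa1111 vpc-0example1 True \
  subnet-0bbb2222 vpc-0example1 False \
  subnet-0ccc3333 vpc-0example2 True)

# List every subnet in the region the CLI is configured for.
list_subnets() {
  aws ec2 describe-subnets \
    --query 'Subnets[].[SubnetId,VpcId,MapPublicIpOnLaunch]' \
    --output text
}

# Read list_subnets output on stdin and print the IDs of subnets
# that still auto-assign public IPv4 addresses.
noncompliant_subnets() {
  awk -F'\t' 'tolower($3) == "true" { print $1 }'
}

# Read subnet IDs on stdin. With DRY_RUN=1 (the default) only print
# the command that would run; with DRY_RUN=0 change the subnet.
remediate() {
  while read -r id; do
    [ -n "$id" ] || continue
    if [ "${DRY_RUN:-1}" = "1" ]; then
      printf 'aws ec2 modify-subnet-attribute --subnet-id %s --no-map-public-ip-on-launch\n' "$id"
    else
      aws ec2 modify-subnet-attribute --subnet-id "$id" --no-map-public-ip-on-launch
    fi
  done
}

# Audit:     list_subnets | noncompliant_subnets
# Remediate: list_subnets | noncompliant_subnets | DRY_RUN=0 remediate
# Verify:    run the audit again; it should print nothing.
```

The setting only affects instances launched after the change; instances that already hold a public IP keep it until the address is released.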
Recommended CLIs (if applicable)
There are no CLI commands specific to this rule; the remediation steps above use the AWS Management Console. If you prefer the AWS CLI, the following command achieves the same result:
aws ec2 modify-subnet-attribute --subnet-id <subnet-id> --no-map-public-ip-on-launch
Replace <subnet-id> with the actual identifier of the subnet where you want to disable the auto assign public IP feature.
Conclusion
By disabling the VPC subnet auto assign public IP feature for systems and resources subject to GxP 21 CFR Part 11 regulations, you enhance data security and compliance. Ensure that you follow the recommended steps to disable this feature and verify the changes are successfully applied in the selected subnet.