
Rule: EC2 instances should not have a public IP address

This rule highlights the importance of restricting public IP addresses for EC2 instances.

Rule: EC2 instances should not have a public IP address
Framework: NIST 800-171 Revision 2
Severity: High

Rule Description

NIST (National Institute of Standards and Technology) 800-171 Revision 2 does not mention EC2 by name; the requirement comes from its boundary-protection family (3.13), which asks you to monitor and control communications at external boundaries (3.13.1) and to keep publicly accessible components on subnetworks separated from internal networks (3.13.5). An EC2 instance with a public IPv4 address in a subnet routed to an internet gateway is directly addressable from the internet, so its security group becomes the only thing between it and every scanner on the public internet. This rule flags any instance that has a public IPv4 address, whether the address was auto-assigned at launch or is an associated Elastic IP. Instances should run in private subnets, reach the internet outbound through a NAT gateway, and receive inbound traffic, if they need it at all, through a load balancer or another controlled entry point. A public IP by itself does not prove exposure (the security group, network ACL and route table also matter), but removing it takes the instance out of the directly reachable address space, which is the control this rule expects.

Troubleshooting Steps

If an EC2 instance has a public IP address assigned, the instance is directly addressable from the internet and is exposed to whatever its security group allows. To troubleshoot and rectify this issue, follow these steps:

  1. Identify the EC2 instance(s) with public IP addresses:

    • Go to the AWS Management Console.
    • Navigate to the EC2 dashboard.
    • In the Instances list, add the "Public IPv4 address" column (or filter on it) and note every instance that has a value there.

  2. Check the instance configuration:

    • Select the instance with a public IP address and open the Details tab.
    • Look at the "Public IPv4 address" and "Elastic IP addresses" fields.
    • If "Elastic IP addresses" lists the same address, the public IP is an Elastic IP that was associated with the instance. If it does not, the address was auto-assigned at launch because the subnet (or the launch request) had auto-assign public IPv4 enabled.

  3. Determine the source of the public IP assignment:

    • Check whether the instance was intentionally given a public IP (for example an internet-facing bastion host or a NAT instance) or whether it was launched into a public subnet by mistake.
    • Check the subnet's "Auto-assign public IPv4 address" setting (VPC console, Subnets, Actions, Edit subnet settings); while it is enabled, every new instance launched there will get a public IP.

  4. Remove the public IP address:

    • Elastic IP: in the EC2 console go to Elastic IPs, select the address, choose Actions and "Disassociate Elastic IP address", then Actions and "Release Elastic IP addresses" so it cannot be re-associated later (and stops being billed).
    • Auto-assigned public IP: AWS does not let you manually disassociate an auto-assigned public IPv4 address from a running instance. Replace the instance: launch a new one in a private subnet, or with "Auto-assign public IP" set to Disable in the launch wizard, move traffic to it, and terminate the old one. Also disable auto-assign public IPv4 on the subnet so the problem does not recur.
    • Do not use "Change source/destination check" for this. That setting controls whether the network interface drops traffic not addressed to it (you turn it off for NAT instances and routing appliances); it has no effect on the public IP.

Necessary Code

If you want to automate finding and removing public IP addresses from EC2 instances, you can use AWS CLI (Command Line Interface) commands. Changing the instance's source/destination check does not affect its public IP; the commands that apply are a query that lists the offending instances and, for Elastic IPs, a disassociation:

aws ec2 describe-instances --region <region> --filters Name=instance-state-name,Values=running --query "Reservations[].Instances[?PublicIpAddress].[InstanceId,PublicIpAddress,SubnetId]" --output text
aws ec2 disassociate-address --region <region> --association-id <eipassoc-id>

Replace

<region>
with the appropriate AWS region code (e.g., us-west-2), and
<eipassoc-id>
with the association ID that aws ec2 describe-addresses reports for the instance's Elastic IP. An auto-assigned public IPv4 address has no association ID and cannot be removed this way; for those instances, disable auto-assign on the subnet (aws ec2 modify-subnet-attribute with --no-map-public-ip-on-launch) and replace the instance, as described in the remediation steps below.
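The following script is an added example for this rule and is not Cloud Defense's or AWS's own code. It automates the troubleshooting steps above: it classifies every public IPv4 address on running instances as either an Elastic IP (fixable through the API) or an auto-assigned address (which needs the subnet flag cleared and the instance replaced), and then applies the API-level part of the plan through a boto3-style EC2 client. The instance, subnet and allocation IDs and the two sample API responses are constructed; the assumption that AWS reports an auto-assigned address with IpOwnerId "amazon" in describe_instances output, and the RecordingEc2 stand-in used for offline runs, are the example's own.

```python
"""Plan and apply removal of public IPv4 addresses from EC2 instances.

Added example for this rule, not Cloud Defense's or AWS's code. The data
below is constructed in the shape of boto3's describe_instances() and
describe_addresses() responses; all IDs are made up.
"""

# Constructed sample: three running instances as describe_instances() would return them.
SAMPLE_RESERVATIONS = [
    {"Instances": [
        {   # auto-assigned public IP: AWS sets Association.IpOwnerId to "amazon" (assumption)
            "InstanceId": "i-0aaa111122223333a", "SubnetId": "subnet-0aaa1111",
            "PublicIpAddress": "203.0.113.10",
            "NetworkInterfaces": [{"NetworkInterfaceId": "eni-0a1", "Association":
                {"PublicIp": "203.0.113.10", "IpOwnerId": "amazon"}}]},
        {   # Elastic IP: IpOwnerId is the owning account ID
            "InstanceId": "i-0bbb111122223333b", "SubnetId": "subnet-0bbb2222",
            "PublicIpAddress": "203.0.113.20",
            "NetworkInterfaces": [{"NetworkInterfaceId": "eni-0b2", "Association":
                {"PublicIp": "203.0.113.20", "IpOwnerId": "123456789012"}}]},
        {   # private instance: no Association block at all
            "InstanceId": "i-0ccc111122223333c", "SubnetId": "subnet-0ccc3333",
            "NetworkInterfaces": [{"NetworkInterfaceId": "eni-0c3"}]},
    ]}
]

# Constructed sample: the account's Elastic IPs as describe_addresses() would return them.
SAMPLE_ADDRESSES = [
    {"PublicIp": "203.0.113.20", "InstanceId": "i-0bbb111122223333b",
     "AllocationId": "eipalloc-0b2", "AssociationId": "eipassoc-0b2"},
]


def plan_remediation(reservations, addresses):
    """Return one action per public IPv4 address found on the instances.

    Elastic IPs can be disassociated through the API. An auto-assigned address
    cannot be removed from a running instance, so the plan records 'replace':
    clear the subnet's auto-assign flag and relaunch the instance without one.
    """
    eip_by_ip = {a["PublicIp"]: a for a in addresses if "AssociationId" in a}
    plan = []
    for reservation in reservations:
        for inst in reservation["Instances"]:
            for eni in inst.get("NetworkInterfaces", []):
                assoc = eni.get("Association") or {}
                ip = assoc.get("PublicIp")
                if not ip:
                    continue  # interface has no public address
                item = {"instance": inst["InstanceId"], "subnet": inst["SubnetId"], "public_ip": ip}
                if assoc.get("IpOwnerId") == "amazon":
                    item.update(kind="auto-assigned", action="replace")
                elif ip in eip_by_ip:
                    item.update(kind="elastic-ip", action="disassociate",
                                association_id=eip_by_ip[ip]["AssociationId"],
                                allocation_id=eip_by_ip[ip]["AllocationId"])
                else:
                    item.update(kind="unknown", action="investigate")  # e.g. EIP owned by another account
                plan.append(item)
    return plan


def apply_plan(plan, ec2, release=True):
    """Run the API-level part of the plan against a boto3-style EC2 client.

    Elastic IPs are disassociated and, unless release=False, released so they
    cannot be quietly re-associated. For auto-assigned addresses the subnet's
    MapPublicIpOnLaunch flag is cleared; the instance itself still has to be
    replaced in a change window, so it is reported under 'needs_replacement'.
    """
    done = {"disassociated": [], "released": [], "subnets_fixed": [], "needs_replacement": []}
    for item in plan:
        if item["action"] == "disassociate":
            ec2.disassociate_address(AssociationId=item["association_id"])
            done["disassociated"].append(item["public_ip"])
            if release:
                ec2.release_address(AllocationId=item["allocation_id"])
                done["released"].append(item["allocation_id"])
        elif item["action"] == "replace":
            if item["subnet"] not in done["subnets_fixed"]:
                ec2.modify_subnet_attribute(SubnetId=item["subnet"],
                                            MapPublicIpOnLaunch={"Value": False})
                done["subnets_fixed"].append(item["subnet"])
            done["needs_replacement"].append(item["instance"])
    return done


class RecordingEc2:
    """Stand-in client (this example's own) that records calls instead of making them."""

    def __init__(self):
        self.calls = []

    def disassociate_address(self, **kw):
        self.calls.append(("disassociate_address", kw))

    def release_address(self, **kw):
        self.calls.append(("release_address", kw))

    def modify_subnet_attribute(self, **kw):
        self.calls.append(("modify_subnet_attribute", kw))


def dry_run():
    """Plan and apply against the constructed samples; returns (summary, recorded calls)."""
    ec2 = RecordingEc2()
    return apply_plan(plan_remediation(SAMPLE_RESERVATIONS, SAMPLE_ADDRESSES), ec2), ec2.calls


if __name__ == "__main__":
    import boto3  # real run: needs ec2:Describe*, DisassociateAddress, ReleaseAddress, ModifySubnetAttribute
    ec2 = boto3.client("ec2")
    reservations = [r for page in ec2.get_paginator("describe_instances").paginate(
        Filters=[{"Name": "instance-state-name", "Values": ["running"]}]) for r in page["Reservations"]]
    plan = plan_remediation(reservations, ec2.describe_addresses()["Addresses"])
    for item in plan:
        print(item)  # review first; apply_plan(plan, ec2) executes the Elastic IP and subnet changes
```

Run as a script it only prints the plan; hand that plan and the real client to apply_plan once you have confirmed which instances are meant to be public. Instances reported under needs_replacement keep their address until they are relaunched without one, so track them as open findings rather than treating the run as a complete fix.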

Step-by-Step Guide for Remediation

To remediate the issue and remove the public IP address from an EC2 instance, please follow these step-by-step instructions:

  1. Log in to the AWS Management Console.

  2. Navigate to the EC2 dashboard.

  3. Identify the EC2 instance(s) with public IP addresses (add the "Public IPv4 address" column to the Instances list).

  4. Select the instance you want to modify and, in the Details tab, check whether the address is also listed under "Elastic IP addresses".

  5. If it is an Elastic IP: open Elastic IPs in the left navigation, select the address, choose Actions, then "Disassociate Elastic IP address", and confirm.

  6. Still in Elastic IPs, choose Actions, then "Release Elastic IP addresses", so the address is returned to AWS and cannot be re-associated later.

  7. If it is an auto-assigned public IPv4 address: it cannot be removed from the running instance. Open the VPC console, select the instance's subnet, choose Actions, then "Edit subnet settings", and clear "Enable auto-assign public IPv4 address".

  8. Launch a replacement instance in that subnet (or in a private subnet) with "Auto-assign public IP" set to Disable, move traffic to it, and terminate the original instance. Confirm that the replacement's "Public IPv4 address" field is empty.

  9. Repeat these steps for any other EC2 instances with public IP addresses.

By following these steps, you will remove the public IP addresses from your EC2 instances, bringing the account in line with the NIST 800-171 Revision 2 boundary-protection requirements. Re-run the rule (or the describe-instances query above) afterwards to confirm, and remember that an instance in a private subnet still needs a NAT gateway for outbound access and a load balancer or similar entry point for any inbound traffic it must accept.
