This rule ensures EC2 instances do not have a public IP address for enhanced security.
| Field | Value |
|---|---|
| Rule | EC2 instances should not have a public IP address |
| Framework | NIST Cybersecurity Framework (CSF) v1.1 |
| Severity | ✔ High |
Rule Description:
The rule in NIST Cybersecurity Framework (CSF) v1 specifies that EC2 instances should not have public IP addresses. It is enforced to protect EC2 instances from external threats: a public IP address makes an instance directly reachable from the internet, which increases the attack surface and exposes every service listening on it to internet-wide scanning and exploitation attempts.
Troubleshooting Steps (if applicable):
If an EC2 instance is found to have a public IP address, follow these troubleshooting steps to remediate the issue:
1. Identify the EC2 instance(s) with a public IP address by checking the instance details in the AWS Management Console or by running the AWS CLI command `aws ec2 describe-instances`.
2. Determine whether a public IP address is required for the instance. If not, proceed with removing it to adhere to the CSF v1 rule.
Remediation Steps:
To remove the public IP address from an EC2 instance, follow these step-by-step remediation guidelines:
1. Log in to the AWS Management Console.
2. Navigate to the EC2 Dashboard.
3. Identify the EC2 instance(s) that have public IP addresses.
4. Select the target EC2 instance.
5. Click on the "Actions" button and choose "Networking" and then "Manage IP addresses".
6. In the "Manage IP addresses" window, deselect the option "Enable Auto-assign Public IP" and click "Save".
7. Alternatively, if you wish to assign an Elastic IP address to the EC2 instance for private access, you can do so by selecting "Allocate new address" in the "Manage IP addresses" window.
8. Confirm the changes by reviewing the details in the EC2 instance description or by running the AWS CLI command `aws ec2 describe-instances`, and ensure that the public IP address is no longer associated with the instance.
9. Repeat the above steps for any other EC2 instances that have public IP addresses.
By following these remediation steps, the EC2 instances will no longer have public IP addresses, complying with the NIST CSF v1 rule. This reduces the attack surface and enhances the security posture of the instances.
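The identification and verification steps above both rely on the output of `aws ec2 describe-instances`. The following script is an added example, not part of the original rule page: it evaluates that JSON offline against a constructed sample (instance IDs and addresses are placeholders) and reports every non-terminated instance that still holds a public IPv4 address, including an Elastic IP that only shows up on a network interface rather than in the instance-level `PublicIpAddress` field.

```python
"""Flag EC2 instances that expose a public IPv4 address (added example).
Runs over the JSON that `aws ec2 describe-instances` returns, the command the
rule's identification and verification steps use, so the constructed sample
below exercises it without AWS credentials."""


def public_ips(instance):
    """Public IPv4 addresses on one instance record: the instance-level
    PublicIpAddress (auto-assigned) plus each ENI's Association.PublicIp,
    where an attached Elastic IP appears even if the top-level field is absent."""
    ips = set()
    if instance.get("PublicIpAddress"):
        ips.add(instance["PublicIpAddress"])
    for eni in instance.get("NetworkInterfaces", []):
        ip = eni.get("Association", {}).get("PublicIp")
        if ip:
            ips.add(ip)
    return ips


def find_exposed(describe_output):
    """Return {InstanceId: [public IPs]} for non-terminated instances with at
    least one public IP; an empty dict means the rule passes."""
    exposed = {}
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") == "terminated":
                continue  # terminated records may keep stale fields but are not exposed
            ips = public_ips(inst)
            if ips:
                exposed[inst["InstanceId"]] = sorted(ips)
    return exposed


# Constructed sample (IDs and addresses are placeholders): auto-assigned public
# IP, Elastic IP visible only on the ENI, private-only, and a terminated one.
SAMPLE = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaaaaaaaaaaaaaa1", "State": {"Name": "running"},
     "PublicIpAddress": "203.0.113.10",
     "NetworkInterfaces": [{"Association": {"PublicIp": "203.0.113.10"}}]},
    {"InstanceId": "i-0bbbbbbbbbbbbbbb2", "State": {"Name": "stopped"},
     "NetworkInterfaces": [{"Association": {"PublicIp": "198.51.100.7"}}]},
    {"InstanceId": "i-0ccccccccccccccc3", "State": {"Name": "running"},
     "PrivateIpAddress": "10.0.1.25", "NetworkInterfaces": [{}]},
    {"InstanceId": "i-0ddddddddddddddd4", "State": {"Name": "terminated"},
     "PublicIpAddress": "203.0.113.99"},
]}]}

if __name__ == "__main__":
    for iid, ips in find_exposed(SAMPLE).items():
        print(f"{iid}: public IP(s) {', '.join(ips)} -> remediate")
```

To run it against a real account, pipe `aws ec2 describe-instances --output json` into `json.load` and pass the result to `find_exposed`; an empty result after remediation is the confirmation the last step asks for.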
Note: It's essential to assess the impact of removing the public IP address on the required functionality or connectivity of the EC2 instance(s) to ensure there are no unintended consequences.