This rule states that Unused EC2 Elastic IPs should be removed to ensure compliance with PCI standards.
| Rule | Unused EC2 EIPs should be removed |
| --- | --- |
| Framework | PCI v3.2.1 |
| Severity | ✔ Low |
Rule Description:
Unused EC2 EIPs (Elastic IP addresses) should be removed for compliance with PCI DSS v3. Elastic IP addresses are static, public IP addresses that can be attached to EC2 instances. These addresses are meant for dynamic assignment and should not be left unused, since an allocated but unattached address increases security risk.
Troubleshooting Steps:
Necessary Codes:
There are no specific codes for this rule. However, you can use the AWS Command Line Interface (CLI) to facilitate the troubleshooting and remediation steps.
Step-by-Step Guide for Remediation:
Step 1: Identify Unused Elastic IP Addresses
Step 2: Determine the Status of Elastic IP Addresses
aws ec2 describe-addresses --public-ips <EIP-1> <EIP-2> ...
Replace <EIP-1>, <EIP-2>, etc., with the IP addresses noted in Step 2.
Step 3: Detach Unused Elastic IP Addresses
aws ec2 disassociate-address --association-id <ASSOCIATION-ID>
Replace <ASSOCIATION-ID> with the association ID of the Elastic IP address to be detached from an instance.
Step 4: Release Unused Elastic IP Addresses
aws ec2 release-address --allocation-id <ALLOCATION-ID>
Replace <ALLOCATION-ID> with the allocation ID of the unused Elastic IP address.
Step 5: Verification
By following these steps, you can ensure that any unused Elastic IP addresses are removed from your AWS account, complying with the PCI DSS v3 requirement.
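The steps above can be automated by feeding the JSON from `aws ec2 describe-addresses` into a small audit script. The following is an added example, not part of the original rule page: it classifies each address as in use or unused, treats an address associated with a network interface but no instance (for example a NAT gateway) as in use, and chooses the correct release form (allocation ID for VPC addresses, public IP for older "standard" domain addresses). The sample addresses, allocation and association IDs are constructed, not real.

```python
"""Audit `aws ec2 describe-addresses` output for unused Elastic IPs.

Run with real data:  aws ec2 describe-addresses --output json > eips.json
                     python3 eip_audit.py eips.json
Run with no argument to use the constructed sample below.
"""
import json
import sys

# Constructed sample in the shape `aws ec2 describe-addresses` returns (IDs are not real).
SAMPLE = {
    "Addresses": [
        {"PublicIp": "203.0.113.10", "AllocationId": "eipalloc-0aaa", "Domain": "vpc",
         "AssociationId": "eipassoc-0aaa", "InstanceId": "i-0aaa",
         "NetworkInterfaceId": "eni-0aaa"},                       # attached to an instance
        {"PublicIp": "203.0.113.11", "AllocationId": "eipalloc-0bbb",
         "Domain": "vpc"},                                        # allocated, never associated
        {"PublicIp": "203.0.113.12", "AllocationId": "eipalloc-0ccc", "Domain": "vpc",
         "AssociationId": "eipassoc-0ccc", "NetworkInterfaceId": "eni-0ccc"},  # ENI only (NAT GW)
        {"PublicIp": "203.0.113.13", "Domain": "standard"},      # classic-style, unused
    ]
}


def is_unused(addr):
    """Unused means no association at all: no instance and no network interface."""
    return not (addr.get("AssociationId") or addr.get("InstanceId")
                or addr.get("NetworkInterfaceId"))


def release_command(addr):
    """VPC addresses are released by allocation ID; standard-domain ones by public IP."""
    if addr.get("AllocationId"):
        return f"aws ec2 release-address --allocation-id {addr['AllocationId']}"
    return f"aws ec2 release-address --public-ip {addr['PublicIp']}"


def audit(data):
    """Return (unused public IPs, matching release commands) for describe-addresses output."""
    unused = [a for a in data.get("Addresses", []) if is_unused(a)]
    return [a["PublicIp"] for a in unused], [release_command(a) for a in unused]


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            source = json.load(fh)
    else:
        source = SAMPLE
    for ip, cmd in zip(*audit(source)):
        print(f"unused EIP {ip}: {cmd}")   # review the list before running the commands
```

Review the printed list before releasing anything: an address that is disassociated but still referenced by a DNS record or allow-list should be reassigned or documented, not released blindly.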