
Rule: EC2 Instances Should Not Have a Public IP Address

This rule states that EC2 instances should not be assigned a public IP address for security reasons.

Rule: EC2 instances should not have a public IP address
Framework: RBI Cyber Security Framework
Severity: High

Rule Description:

According to the RBI Cyber Security Framework, EC2 instances should not have a public IP address. An instance without a public IP is not directly reachable from the internet, which reduces its exposure to network-based attacks.

Troubleshooting Steps:

  1. Identify instances with public IP addresses:

    • To identify instances with public IP addresses, you can use the AWS Management Console, AWS CLI, or AWS SDKs.
    • If you are using the AWS Management Console, go to the EC2 dashboard and look for instances with a 'Public IP' displayed in the IP column.
    • For the AWS CLI, you can use the following command to list instances with public IP addresses:
      aws ec2 describe-instances --query 'Reservations[*].Instances[?PublicIpAddress].{InstanceId:InstanceId, PublicIpAddress:PublicIpAddress}' --output table

  2. Remove or disassociate the public IP address:

    • Once you have identified the instances with public IP addresses, you can either remove or disassociate them.
    • If you want to remove the public IP address permanently, you can terminate and replace the instance. Make sure to back up any important data before terminating the instance.
    • If you want to disassociate the public IP address temporarily, you can release it from the instance and prevent any new assignments. This can be done using the AWS Management Console or the AWS CLI.
    • To disassociate the IP address using the AWS CLI, you can use the following command:
      aws ec2 disassociate-address --public-ip <public-ip-address>

Necessary Codes:

There are no specific codes associated with this rule. It requires the use of AWS CLI commands to identify and disassociate public IP addresses if needed.

Remediation Steps:

  1. Identify instances with public IP addresses using the AWS CLI:

    aws ec2 describe-instances --query 'Reservations[*].Instances[?PublicIpAddress].{InstanceId:InstanceId, PublicIpAddress:PublicIpAddress}' --output table

  2. Review the output of the above command and make a note of the instances that have public IP addresses.

  3. Choose one of the following remediation steps based on your requirements:

    • If you want to permanently remove the public IP address:

      a. Back up any important data from the instance if necessary.

      b. Terminate the instance with the public IP address.

      c. Launch a new instance without a public IP address.

    • If you want to temporarily disassociate the public IP address:

      a. Use the following command to disassociate the IP address:

      aws ec2 disassociate-address --public-ip <public-ip-address>

      b. Prevent future assignments of public IP addresses by modifying the subnet settings or using a different subnet that does not allocate public IP addresses.

  4. Verify that the public IP address has been removed or disassociated by using the AWS Management Console or the AWS CLI.

  5. Repeat these steps for all instances with public IP addresses found during the identification process.

Note: Removing or disassociating public IP addresses may affect the accessibility of the instances from the internet. Make sure to review your networking requirements before taking any action.
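The identification and remediation steps above can be automated against the JSON that `aws ec2 describe-instances` returns. The following is an added example, not code from Cloud Defense or AWS: it parses a constructed describe-instances response, flags every instance that has a public IPv4 address, and distinguishes an Elastic IP (the `Association.IpOwnerId` is the account ID) from an auto-assigned public IP (`IpOwnerId` is `amazon`), because only the former can be disassociated; for the latter the fix is the subnet-level setting from remediation step 3b. The instance, subnet and association IDs in the sample are made up.

```python
import json

# Constructed sample of `aws ec2 describe-instances` output; all IDs and addresses are fictitious.
SAMPLE_DESCRIBE_INSTANCES = json.dumps({"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa111", "SubnetId": "subnet-0a", "PublicIpAddress": "203.0.113.10",
     "NetworkInterfaces": [{"Association": {"PublicIp": "203.0.113.10", "IpOwnerId": "amazon"}}]},
    {"InstanceId": "i-0bbb222", "SubnetId": "subnet-0b", "PublicIpAddress": "198.51.100.7",
     "NetworkInterfaces": [{"Association": {"PublicIp": "198.51.100.7",
                                            "IpOwnerId": "123456789012",
                                            "AssociationId": "eipassoc-0c"}}]},
    {"InstanceId": "i-0ccc333", "SubnetId": "subnet-0c",
     "NetworkInterfaces": [{}]},  # no public address: compliant
]}]})


def find_public_instances(describe_json):
    """Return one finding per instance that carries a public IPv4 address."""
    findings = []
    for reservation in json.loads(describe_json)["Reservations"]:
        for inst in reservation["Instances"]:
            public_ip = inst.get("PublicIpAddress")
            if not public_ip:
                continue  # compliant with the rule
            # Locate the ENI association that holds this address, if any.
            assoc = {}
            for eni in inst.get("NetworkInterfaces", []):
                if eni.get("Association", {}).get("PublicIp") == public_ip:
                    assoc = eni["Association"]
            # "amazon" marks an auto-assigned public IP; any other owner is an Elastic IP.
            elastic = assoc.get("IpOwnerId", "amazon") != "amazon"
            findings.append({"instance_id": inst["InstanceId"], "subnet_id": inst.get("SubnetId"),
                             "public_ip": public_ip, "elastic_ip": elastic,
                             "association_id": assoc.get("AssociationId")})
    return findings


def remediation_command(finding):
    """Suggest the CLI step for a finding (review networking needs before running it)."""
    if finding["elastic_ip"]:
        # In a VPC an Elastic IP is detached by its association ID.
        return f"aws ec2 disassociate-address --association-id {finding['association_id']}"
    # An auto-assigned public IP cannot be disassociated; it disappears when the instance
    # is stopped, and the subnet must stop handing one out to future launches (step 3b).
    return (f"aws ec2 modify-subnet-attribute --subnet-id {finding['subnet_id']} "
            "--no-map-public-ip-on-launch")


if __name__ == "__main__":
    for f in find_public_instances(SAMPLE_DESCRIBE_INSTANCES):
        print(f["instance_id"], f["public_ip"], "->", remediation_command(f))
```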
