
Rule: EC2 Instances Should Not Have a Public IP Address

This rule ensures that EC2 instances do not have public IP addresses for enhanced security.

Rule: EC2 instances should not have a public IP address
Framework: SOC 2
Severity: High

Rule Description:

In order to comply with SOC 2 standards, EC2 instances should not have a public IP address assigned to them. Having a public IP address on an EC2 instance can expose it to potential security risks, as it allows direct access from the internet. Disabling public IP addresses helps to maintain a secure and controlled environment for sensitive data and systems.

Rule Remediation:

Follow the step-by-step guide below to disable public IP addresses for EC2 instances:

  1. Identify EC2 instances with public IP addresses:

     • Open the Amazon EC2 Management Console.
     • Navigate to the EC2 Dashboard.
     • Filter the instances by their assigned public IP addresses.

  2. Note down the instance IDs of the EC2 instances with public IP addresses.

  3. Update the security groups associated with the EC2 instances:

     • Go to the Amazon EC2 Management Console.
     • Navigate to the EC2 Dashboard.
     • Select the EC2 instance with the public IP address.
     • Click on the "Security" tab.
     • Identify the security group(s) associated with the instance.
     • Go to the "Security Groups" page from the left-side menu.
     • Select the security group associated with the instance.
     • Click on the "Inbound Rules" tab.
     • Remove or modify any rules that allow inbound traffic from the internet.
     • Repeat this step for all identified security groups.

  4. Update the instance configuration:

     • Go to the EC2 Dashboard.
     • Select the EC2 instance.
     • Click on the "Actions" dropdown menu.
     • Choose "Networking" and then "Manage IP Addresses".
     • Select "Disable" for the "Auto-assign Public IP" option.
     • Click "Save".

  5. Verify the changes:

     • Confirm that the EC2 instance no longer has a public IP assigned to it.
     • Test connectivity to ensure that the instance can still communicate within the desired network or VPC.
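The identification step (1) and the verification step (5) can also be scripted against the output of the EC2 DescribeInstances API rather than filtered by hand in the console. The following is an added example, not code from the original page or from Cloud Defense; it runs offline on a constructed sample response (instance IDs and addresses are made up) and flags every instance that still carries an auto-assigned public IPv4 or an Elastic IP, the case raised in troubleshooting step 3.

```python
import json

# Constructed sample in the shape of an EC2 DescribeInstances response.
# i-0aaa has an AWS auto-assigned public IPv4, i-0bbb has an Elastic IP
# attached to its network interface, i-0ccc is private-only.
SAMPLE_DESCRIBE_INSTANCES = {
    "Reservations": [{"Instances": [
        {"InstanceId": "i-0aaa", "PublicIpAddress": "203.0.113.10",
         "NetworkInterfaces": [{"Association": {
             "PublicIp": "203.0.113.10", "IpOwnerId": "amazon"}}]},
        {"InstanceId": "i-0bbb", "PublicIpAddress": "198.51.100.7",
         "NetworkInterfaces": [{"Association": {
             "PublicIp": "198.51.100.7", "IpOwnerId": "123456789012"}}]},
        {"InstanceId": "i-0ccc", "PrivateIpAddress": "10.0.1.5",
         "NetworkInterfaces": [{}]},
    ]}]
}


def find_public_instances(response):
    """Return {instance_id: kind} for every instance with a public IPv4.

    kind is "elastic-ip" when the address is an Elastic IP owned by the
    account (IpOwnerId is the account ID) and "auto-assigned" when AWS
    assigned it (IpOwnerId is "amazon"). An Elastic IP must be
    disassociated separately; disabling auto-assignment will not remove it.
    """
    findings = {}
    for reservation in response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            public_ip = inst.get("PublicIpAddress")
            kind = None
            for eni in inst.get("NetworkInterfaces", []):
                assoc = eni.get("Association") or {}
                if assoc.get("PublicIp"):
                    public_ip = public_ip or assoc["PublicIp"]
                    owner = assoc.get("IpOwnerId")
                    kind = "auto-assigned" if owner == "amazon" else "elastic-ip"
            if public_ip:
                findings[inst["InstanceId"]] = kind or "auto-assigned"
    return findings


def is_compliant(response):
    """True when no instance in the response exposes a public IPv4."""
    return not find_public_instances(response)


if __name__ == "__main__":
    # Against a live account this would be boto3.client("ec2").describe_instances().
    print(json.dumps(find_public_instances(SAMPLE_DESCRIBE_INSTANCES), indent=2))
```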

Troubleshooting Steps:

  1. If the EC2 instance still has a public IP address after following the remediation guide, ensure that the configuration changes were saved correctly.
  2. Double-check the security groups associated with the instance and ensure that no inbound rules allow traffic from the internet.
  3. Check if any Elastic IP addresses are associated with the instance and remove them if necessary.
  4. If the EC2 instance loses connectivity after disabling the public IP, review the network configuration, routing tables, and network ACLs to ensure proper communication within the network or VPC.
  5. If troubleshooting the above steps does not resolve the issue, consult the AWS documentation or contact AWS support for further assistance.

Code:

No specific code is necessary for this remediation as it involves configuration changes through the Amazon EC2 Management Console.

Notes:

  • Disabling public IP addresses on EC2 instances helps to reduce the attack surface and enhances the security posture of the environment.
  • It is important to ensure that EC2 instances requiring internet connectivity have alternative secure methods, such as a NAT Gateway or proxy, in place to access the internet.
