Instances in a subnet should not receive a public IP address by default.
| Property | |
|---|---|
| Language | |
| Severity | |
| Service | ec2 |
| Provider | AWS |
| Vulnerability Type | misconfiguration |
Description
The subnet is configured to assign public IP addresses to instances by default, making them reachable from the public internet. Internal resources are exposed unnecessarily because network access is not restricted.
Impact
Instances with public IPs are directly reachable from the internet, increasing the risk of unauthorized access, external attacks, and potential data breaches. This can compromise the security of the application’s infrastructure and sensitive data.
Resolution
Configure the subnet so that instances launched in it do not receive a public IP address by default.
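
One way to check for this setting, as an added example that is not part of the original rule page: the script reads output in the shape of `aws ec2 describe-subnets`, flags subnets whose `MapPublicIpOnLaunch` attribute is true, and builds the AWS CLI command that turns it off. The sample data, subnet IDs and function names are constructed for illustration.

```python
import json
import shlex

# Constructed sample in the shape of `aws ec2 describe-subnets` output; all IDs are made up.
SAMPLE = json.loads("""
{"Subnets": [
  {"SubnetId": "subnet-0aaa1111example", "CidrBlock": "10.0.1.0/24",
   "MapPublicIpOnLaunch": true, "Tags": [{"Key": "Name", "Value": "app-a"}]},
  {"SubnetId": "subnet-0bbb2222example", "CidrBlock": "10.0.2.0/24",
   "MapPublicIpOnLaunch": false},
  {"SubnetId": "subnet-0ccc3333example", "CidrBlock": "10.0.3.0/24"}
]}
""")


def audit_subnets(describe_output):
    """Classify each subnet by its MapPublicIpOnLaunch attribute."""
    findings = []
    for subnet in describe_output.get("Subnets", []):
        value = subnet.get("MapPublicIpOnLaunch")
        if value is False:
            continue  # compliant: no public IP assigned by default
        tags = {t.get("Key"): t.get("Value") for t in subnet.get("Tags", [])}
        findings.append({
            "subnet_id": subnet.get("SubnetId", "<missing>"),
            "name": tags.get("Name", ""),
            "cidr": subnet.get("CidrBlock", ""),
            # Anything other than an explicit true/false is reported for manual
            # review instead of being assumed safe.
            "status": "public-ip-by-default" if value is True else "unknown",
        })
    return findings


def remediation_command(subnet_id):
    """AWS CLI call that turns off default public IP assignment for one subnet."""
    return ("aws ec2 modify-subnet-attribute --subnet-id "
            + shlex.quote(subnet_id) + " --no-map-public-ip-on-launch")


if __name__ == "__main__":
    for f in audit_subnets(SAMPLE):
        print(f["status"], f["subnet_id"], f["name"], f["cidr"])
        if f["status"] == "public-ip-by-default":
            print("  fix:", remediation_command(f["subnet_id"]))
```

Changing the subnet attribute affects only future launches; instances that already have a public IP keep it, and a launch request can still ask for a public IP explicitly.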