Instance With No VPC
- Query id: 61d1a2d0-4db8-405a-913d-5d2ce49dff6f
- Query name: Instance With No VPC
- Platform: Ansible
- Severity: Medium
- Category: Insecure Configurations
- URL: Github
Description¶
EC2 Instances should be configured under a VPC network. AWS VPCs provide the controls to facilitate a formal process for approving and testing all network connections and changes to the firewall and router configurations.
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Postitive test num. 1 - yaml file
- name: Start an instance and have it begin a Tower callback on boot
community.aws.ec2_instance:
name: "tower-callback-test"
key_name: "prod-ssh-key"
security_group: default
tower_callback:
# IP or hostname of tower server
tower_address: 1.2.3.4
job_template_id: 876
host_config_key: '[secret config key goes here]'
network:
assign_public_ip: true
image_id: ami-123456
cpu_credit_specification: unlimited
tags:
SomeThing: "A value"
- name: Start an instance and have it begin a Tower callback on boot v2
amazon.aws.ec2:
key_name: mykey
instance_type: t2.micro
image: ami-123456
wait: yes
group: webserver
count: 3
assign_public_ip: yes
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml file
- name: Start an instance and have it begin a Tower callback on boot v3
community.aws.ec2_instance:
name: tower-callback-test
key_name: prod-ssh-key
vpc_subnet_id: subnet-5ca1ab1e
security_group: default
tower_callback:
# IP or hostname of tower server
tower_address: 1.2.3.4
job_template_id: 876
host_config_key: '[secret config key goes here]'
network:
assign_public_ip: true
image_id: ami-123456
cpu_credit_specification: unlimited
tags:
SomeThing: A value
- name: Start an instance and have it begin a Tower callback on boot v4
amazon.aws.ec2:
key_name: mykey
instance_type: t2.micro
image: ami-123456
wait: yes
group: webserver
count: 3
vpc_subnet_id: subnet-29e63245
assign_public_ip: yes