EC2 Instance Has Public IP
- Query id: a8b0c58b-cd25-4b53-9ad0-55bca0be0bc1
- Query name: EC2 Instance Has Public IP
- Platform: Ansible
- Severity: High
- Category: Networking and Firewall
- URL: Github
Description¶
EC2 Instance should not have a public IP address.
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
- name: example
amazon.aws.ec2:
key_name: mykey
instance_type: t2.micro
count: 3
vpc_subnet_id: subnet-29e63245
assign_public_ip: yes
- name: Create an ec2 launch template
community.aws.ec2_launch_template:
name: "my_template"
image_id: "ami-04b762b4289fba92b"
key_name: my_ssh_key
instance_type: t2.micro
network_interfaces:
associate_public_ip_address: true
- name: start an instance with a public IP address
community.aws.ec2_instance:
name: "public-compute-instance"
key_name: "prod-ssh-key"
vpc_subnet_id: subnet-5ca1ab1e
instance_type: c5.large
security_group: default
network:
assign_public_ip: true
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml file
- amazon.aws.ec2:
key_name: mykey
instance_type: t2.micro
count: 3
vpc_subnet_id: subnet-29e63245
assign_public_ip: false
- name: Create an ec2 launch template
community.aws.ec2_launch_template:
name: my_template
image_id: ami-04b762b4289fba92b
key_name: my_ssh_key
instance_type: t2.micro
- name: Create an ec2 launch template
community.aws.ec2_launch_template:
name: "my_template"
image_id: "ami-04b762b4289fba92b"
key_name: my_ssh_key
instance_type: t2.micro
network_interfaces:
- interface_type: interface
ipv6_addresses: []
mac_address: '0 e: 0 e: 36: 60: 67: cf'
network_interface_id: eni - 061 dee20eba3b445a
owner_id: '721066863947'
source_dest_check: true
status: " in -use"