AWS Config Rule: AutoScaling Group Launch Config Public IP Disabled
AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED
Eduardo Van Cauteren
Last Update 6 months ago
Description: Checks if Amazon EC2 Auto Scaling groups have public IP addresses enabled through Launch Configurations. This rule is NON_COMPLIANT if the Launch Configuration for an Auto Scaling group has AssociatePublicIpAddress set to 'true'.
Trigger type: Configuration changes
AWS Region: All supported AWS Regions except Asia Pacific (Jakarta), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), and Canada West (Calgary)
How to Resolve Manually
This Config rule checks whether the Launch Configuration used by a given Auto Scaling group is configured to assign a public IP. If the Launch Configuration is set to assign public IPs within its settings, the rule will be marked as non-compliant.
As stated in the AWS documentation, you can't edit a Launch Configuration after its creation. To resolve this, first go to the EC2 Console, then go to Auto Scaling and choose Launch Configurations. Locate and select the desired launch configuration and click the Copy launch configuration button under the Details panel. This sets up a new launch configuration with the same options as the original, but with "Copy" added to the name.
Once there, you will be presented with all available settings for the template. Look for the Additional configuration - optional card, expand Advanced details and edit the IP address type. Check the following screenshot as an example:
Once you have reviewed all the settings, click the Create launch configuration button to save. Finally, delete the old one to make the Config rule compliant.
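The rule's condition can be checked offline before and after the change. The following is an added example, not StackZone or AWS code: it evaluates constructed JSON shaped like the output of `aws autoscaling describe-auto-scaling-groups` and `aws autoscaling describe-launch-configurations`. The resource names are made up, and treating groups built from a launch template as NOT_APPLICABLE is an assumption.

```python
import json

# Constructed sample data, shaped like the output of
# `aws autoscaling describe-auto-scaling-groups` and
# `aws autoscaling describe-launch-configurations`.
GROUPS = json.loads("""{"AutoScalingGroups": [
  {"AutoScalingGroupName": "web-asg", "LaunchConfigurationName": "web-lc"},
  {"AutoScalingGroupName": "batch-asg", "LaunchConfigurationName": "batch-lc-copy"},
  {"AutoScalingGroupName": "api-asg", "LaunchTemplate": {"LaunchTemplateName": "api-lt"}}
]}""")
CONFIGS = json.loads("""{"LaunchConfigurations": [
  {"LaunchConfigurationName": "web-lc", "AssociatePublicIpAddress": true},
  {"LaunchConfigurationName": "batch-lc-copy", "AssociatePublicIpAddress": false},
  {"LaunchConfigurationName": "batch-lc", "AssociatePublicIpAddress": true}
]}""")


def evaluate(groups, configs):
    """Return {asg_name: status} using the condition stated in the rule description."""
    by_name = {c["LaunchConfigurationName"]: c for c in configs["LaunchConfigurations"]}
    results = {}
    for asg in groups["AutoScalingGroups"]:
        lc_name = asg.get("LaunchConfigurationName")
        if lc_name is None:
            # Assumption: groups built from a launch template are out of scope.
            results[asg["AutoScalingGroupName"]] = "NOT_APPLICABLE"
            continue
        lc = by_name.get(lc_name, {})
        # The field is optional; only an explicit true is a violation.
        public = lc.get("AssociatePublicIpAddress") is True
        results[asg["AutoScalingGroupName"]] = "NON_COMPLIANT" if public else "COMPLIANT"
    return results


def unreferenced_public_configs(groups, configs):
    """Launch configurations with public IPs enabled that no group uses any more."""
    in_use = {g.get("LaunchConfigurationName") for g in groups["AutoScalingGroups"]}
    return sorted(c["LaunchConfigurationName"] for c in configs["LaunchConfigurations"]
                  if c.get("AssociatePublicIpAddress") is True
                  and c["LaunchConfigurationName"] not in in_use)


if __name__ == "__main__":
    for name, status in evaluate(GROUPS, CONFIGS).items():
        print(f"{name}: {status}")
    print("old configs left to delete:", unreferenced_public_configs(GROUPS, CONFIGS))
```

In the sample, `batch-asg` already points at the copied configuration, so the original `batch-lc` shows up as an old configuration left to delete, while `web-asg` still uses `web-lc` and is reported NON_COMPLIANT.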