AWS Config Rule: EC2 Instance No Public IP
EC2_INSTANCE_NO_PUBLIC_IP
Fernando Honig
Last Update 6 months ago
Description: Checks whether Amazon Elastic Compute Cloud (Amazon EC2) instances have a public IP association. The rule is NON_COMPLIANT if the publicIp field is present in the Amazon EC2 instance configuration item. This rule applies only to IPv4.
Trigger type: Configuration changes
AWS Region: All supported AWS regions except Asia Pacific (Osaka) Region
How to Resolve Manually
To resolve this manually for newly created EC2 instances, pay attention to Step 3 - Configure Instance Details in the Launch Instance menu, reached from the EC2 Dashboard in the AWS Console.
There is a setting called Auto-assign Public IP, which presents three options:
- Use Subnet Setting (Enable/Disable)
- Enable
- Disable
If enabled, Amazon assigns your instance a public IP address from Amazon's public IP pool. Because this is not an Elastic IP, it remains attached to the instance only until the instance is stopped or terminated. This is why the IP address of an instance without an Elastic IP changes when the instance is stopped and started.
The Subnet Setting lets you set a top-level default for the above at the subnet level. All instances newly created within a particular subnet will then either be assigned a public IPv4 address or not, depending on the Subnet Setting.
If you already have existing instances which do not have a public IPv4 address assigned to them, you can assign one by either attaching an Elastic IP to the instance or creating a new Elastic Network Interface (ENI) that has a public IP assigned to it. You can associate the ENI with your EC2 instance by navigating to Actions -> Networking -> Attach Network Interface.
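The following is an added example, not StackZone's or AWS Config's own code: an offline approximation of the rule that also reports whether each public address is auto-assigned or an Elastic IP and which subnets auto-assign public IPv4 addresses. It assumes input shaped like the EC2 DescribeInstances and DescribeSubnets responses; the function names and all sample IDs and addresses are constructed.

```python
# Added example: offline approximation of the EC2_INSTANCE_NO_PUBLIC_IP check.
# Inputs follow EC2 DescribeInstances / DescribeSubnets shapes; sample data is constructed.

def public_ips(instance):
    """Return [(ip, source)] for every public IPv4 association on the instance."""
    found = []
    for eni in instance.get("NetworkInterfaces", []):
        assoc = eni.get("Association") or {}
        if assoc.get("PublicIp"):
            # Heuristic: IpOwnerId is "amazon" for auto-assigned addresses,
            # otherwise the account ID that owns the Elastic IP.
            source = "auto-assigned" if assoc.get("IpOwnerId") == "amazon" else "elastic-ip"
            found.append((assoc["PublicIp"], source))
    # Fall back to the top-level field if no interface detail was returned.
    if not found and instance.get("PublicIpAddress"):
        found.append((instance["PublicIpAddress"], "unknown"))
    return found

def evaluate(instances, subnets):
    """Return per-instance findings plus subnets that auto-assign public IPs."""
    auto_subnets = {s["SubnetId"] for s in subnets if s.get("MapPublicIpOnLaunch")}
    findings = []
    for inst in instances:
        ips = public_ips(inst)
        findings.append({
            "InstanceId": inst["InstanceId"],
            "Compliance": "NON_COMPLIANT" if ips else "COMPLIANT",
            "PublicIps": ips,
            # True: a launch here with "Use Subnet Setting" gets a public IP.
            "SubnetAutoAssigns": inst.get("SubnetId") in auto_subnets,
        })
    return findings, sorted(auto_subnets)

SAMPLE_SUBNETS = [
    {"SubnetId": "subnet-0aaa", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-0bbb", "MapPublicIpOnLaunch": False},
]
SAMPLE_INSTANCES = [
    {"InstanceId": "i-0001", "SubnetId": "subnet-0aaa", "PublicIpAddress": "203.0.113.10",
     "NetworkInterfaces": [{"Association": {"PublicIp": "203.0.113.10", "IpOwnerId": "amazon"}}]},
    {"InstanceId": "i-0002", "SubnetId": "subnet-0bbb", "PublicIpAddress": "198.51.100.7",
     "NetworkInterfaces": [{"Association": {"PublicIp": "198.51.100.7", "IpOwnerId": "111122223333"}}]},
    {"InstanceId": "i-0003", "SubnetId": "subnet-0bbb", "NetworkInterfaces": [{}]},
]

if __name__ == "__main__":
    for finding in evaluate(SAMPLE_INSTANCES, SAMPLE_SUBNETS)[0]:
        print(finding)
```

To run it against a real account, pass in the instance and subnet lists returned by DescribeInstances and DescribeSubnets in place of the sample data.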