AWS Config Rule: VPC Subnet Auto Assign Public IP Disabled


Fernando Honig

Last Update 8 เดือนที่แล้ว

Description: Checks if Amazon Virtual Private Cloud (Amazon VPC) subnets are assigned a public IP address. The rule is COMPLIANT if Amazon VPC does not have subnets that are assigned a public IP address. The rule is NON_COMPLIANT if Amazon VPC has subnets that are assigned a public IP address.

Trigger type: Configuration changes

AWS Region: All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Osaka) Region

How to Resolve Manually

To resolve this manually, login to your AWS Management Console, navigate to VPC and select the desired Subnet.

Go to Actions and select Modify auto-assign IP settings. Uncheck the Enable auto-assign public IPv4 address.

How to Resolve with StackZone

StackZone can automatically remediate any resources listed as NON_COMPLIANT with this Config Rule, by running an SSM Document which will set the MapPublicIpOnLaunch attribute to false on your subnets.

Use this remediation with caution however, as it will target all subnets which are returned as NON_COMPLIANT by the AWS Config Rule.

To enable this in your StackZone deployment, head on over to Baseline Services / Config Rules Regional / Network / VPC Subnet Auto Assign IP Disabled Remediation

Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here

Was this article helpful?

1 out of 1 liked this article

Still need help? Message Us