AWS Config Rule: VPC Subnet Auto Assign Public IP Disabled

SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED

Fernando Honig

Last Update 9 months ago

Description: Checks if Amazon Virtual Private Cloud (Amazon VPC) subnets are assigned a public IP address. The rule is COMPLIANT if Amazon VPC does not have subnets that are assigned a public IP address. The rule is NON_COMPLIANT if Amazon VPC has subnets that are assigned a public IP address.


Trigger type: Configuration changes


AWS Region: All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Osaka) Region


How to Resolve Manually

To resolve this manually, log in to your AWS Management Console, navigate to VPC and select the desired Subnet.


Go to Actions and select Modify auto-assign IP settings. Uncheck Enable auto-assign public IPv4 address.



How to Resolve with StackZone

StackZone can automatically remediate any resources listed as NON_COMPLIANT with this Config Rule, by running an SSM Document which will set the MapPublicIpOnLaunch attribute to false on your subnets.


Use this remediation with caution, however, as it will target all subnets that the AWS Config Rule returns as NON_COMPLIANT.


To enable this in your StackZone deployment, go to Baseline Services / Config Rules Regional / Network / VPC Subnet Auto Assign IP Disabled Remediation.
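The Python below is an added example, not StackZone's SSM Document or AWS's rule code. It applies the same MapPublicIpOnLaunch check to DescribeSubnets-style records and holds back subnets that are public on purpose, so they are reviewed instead of changed. The sample records and the Tier=public exemption tag are constructed assumptions; the live path assumes a boto3 EC2 client is passed in.

```python
import json

# Constructed sample shaped like the "Subnets" list returned by EC2 DescribeSubnets.
SAMPLE_SUBNETS = json.loads("""[
  {"SubnetId": "subnet-0aaa0000000000001", "MapPublicIpOnLaunch": true,
   "Tags": [{"Key": "Name", "Value": "app-private-a"}]},
  {"SubnetId": "subnet-0aaa0000000000002", "MapPublicIpOnLaunch": true,
   "Tags": [{"Key": "Tier", "Value": "public"}]},
  {"SubnetId": "subnet-0aaa0000000000003", "MapPublicIpOnLaunch": false, "Tags": []}
]""")

# Hypothetical tag convention marking subnets that are intentionally public.
EXEMPT_TAG = ("Tier", "public")

def evaluate(subnet):
    """Mirror the rule: NON_COMPLIANT when the subnet auto-assigns public IPv4."""
    return "NON_COMPLIANT" if subnet.get("MapPublicIpOnLaunch") else "COMPLIANT"

def is_exempt(subnet, exempt_tag=EXEMPT_TAG):
    tags = {t["Key"]: t["Value"] for t in subnet.get("Tags", [])}
    return tags.get(exempt_tag[0]) == exempt_tag[1]

def plan(subnets):
    """Split NON_COMPLIANT subnets into IDs to fix and IDs held for review."""
    fix, review = [], []
    for s in subnets:
        if evaluate(s) == "NON_COMPLIANT":
            (review if is_exempt(s) else fix).append(s["SubnetId"])
    return fix, review

def remediate(subnet_ids, ec2=None, dry_run=True):
    """Set MapPublicIpOnLaunch to false; a dry run only returns the planned calls."""
    calls = [{"SubnetId": sid, "MapPublicIpOnLaunch": {"Value": False}}
             for sid in subnet_ids]
    if not dry_run:
        for kwargs in calls:
            ec2.modify_subnet_attribute(**kwargs)  # ec2 = boto3.client("ec2")
    return calls

if __name__ == "__main__":
    fix, review = plan(SAMPLE_SUBNETS)
    print("remediate:", fix)
    print("review first:", review)
    print("planned calls:", remediate(fix))
```

Instances already running in a subnet keep the public addresses they were given at launch; the attribute only affects new network interfaces.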

