Skip to main content

💼 [EC2.15] Amazon EC2 subnets should not automatically assign public IP addresses

  • ID: /frameworks/aws-fsbp-v1.0.0/ec2/15

Description

Subnets have attributes that determine whether network interfaces automatically receive public IPv4 and IPv6 addresses. For IPv4, this attribute is set to TRUE for default subnets and FALSE for nondefault subnets (with an exception for nondefault subnets created through the EC2 launch instance wizard, where it's set to TRUE). For IPv6, this attribute is set to FALSE for all subnets by default. When these attributes are enabled, instances launched in the subnet automatically receive the corresponding IP addresses (IPv4 or IPv6) on their primary network interface.

Similar

Similar Sections (Give Policies To)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 NIST SP 800-53 Revision 5 → 💼 AC-3 Access Enforcement15559no data
💼 NIST SP 800-53 Revision 5 → 💼 AC-3(7) Access Enforcement _ Role-based Access Control31no data
💼 NIST SP 800-53 Revision 5 → 💼 AC-4 Information Flow Enforcement3269123no data
💼 NIST SP 800-53 Revision 5 → 💼 AC-4(21) Information Flow Enforcement _ Physical or Logical Separation of Information Flows3763no data
💼 NIST SP 800-53 Revision 5 → 💼 AC-6 Least Privilege102372no data
💼 NIST SP 800-53 Revision 5 → 💼 AC-21 Information Sharing219no data
💼 NIST SP 800-53 Revision 5 → 💼 SC-7 Boundary Protection29493no data
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(3) Boundary Protection _ Access Points19no data
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(4) Boundary Protection _ External Telecommunications Services49no data
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(9) Boundary Protection _ Restrict Threatening Outgoing Communications Traffic34no data
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(11) Boundary Protection _ Restrict Incoming Communications Traffic37no data
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(16) Boundary Protection _ Prevent Discovery of System Components37no data
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(20) Boundary Protection _ Dynamic Isolation and Segregation20no data
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(21) Boundary Protection _ Isolation of System Components37no data
💼 PCI DSS v4.0.1 → 💼 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks.15no data

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlagsCompliance

Policies (1)

PolicyLogic CountFlagsCompliance
🛡️ AWS VPC Subnet Map Public IP On Launch is enabled🟢1🟢 x6no data