Skip to main content

πŸ’Ό [EC2.25] Amazon EC2 launch templates should not assign public IPs to network interfaces

  • Contextual name: πŸ’Ό [EC2.25] Amazon EC2 launch templates should not assign public IPs to network interfaces

  • ID: /frameworks/aws-fsbp-v1.0.0/ec2/25

  • Located in: πŸ’Ό Elastic Compute Cloud (EC2)

Description​

A public IP address is one that is reachable from the internet. If you configure your network interfaces with a public IP address, then the resources associated with those network interfaces may be reachable from the internet. EC2 resources shouldn't be publicly accessible because this may permit unintended access to your workloads.

Similar​

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AC-3 Access Enforcement15417
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AC-3(7) Access Enforcement _ Role-based Access Control7
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AC-4 Information Flow Enforcement326173
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AC-4(21) Information Flow Enforcement _ Physical or Logical Separation of Information Flows3539
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AC-6 Least Privilege102126
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AC-21 Information Sharing22
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SC-7 Boundary Protection29533
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SC-7(3) Boundary Protection _ Access Points2
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SC-7(4) Boundary Protection _ External Telecommunications Services17
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SC-7(9) Boundary Protection _ Restrict Threatening Outgoing Communications Traffic7
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SC-7(11) Boundary Protection _ Restrict Incoming Communications Traffic15
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SC-7(16) Boundary Protection _ Prevent Discovery of System Components16
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SC-7(20) Boundary Protection _ Dynamic Isolation and Segregation2
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SC-7(21) Boundary Protection _ Isolation of System Components16
πŸ’Ό PCI DSS v4.0.1 β†’ πŸ’Ό 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks.3

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags