[EFS.6] EFS mount targets should not be associated with subnets that assign public IP addresses on launch
- ID: /frameworks/aws-fsbp-v1.0.0/efs/06
Description
Subnets have attributes that determine whether network interfaces automatically
receive public IPv4 and IPv6 addresses. For IPv4, this attribute is set to TRUE
for default subnets and FALSE for nondefault subnets (with an exception for
nondefault subnets created through the EC2 launch instance wizard, where it's
set to TRUE). For IPv6, this attribute is set to FALSE for all subnets by default.
When these attributes are enabled, instances launched in the subnet automatically
receive the corresponding IP addresses (IPv4 or IPv6) on their primary network
interface. Amazon EFS mount targets that are launched into subnets that have
this attribute enabled have a public IP address assigned to their primary
network interface.
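The check described above, as an added example (not the framework's or AWS's own rule logic): it joins each mount target to its subnet and flags either auto-assign attribute. The input dictionaries are constructed and follow the field names of the EC2 DescribeSubnets and EFS DescribeMountTargets responses; the function name `evaluate_efs6` and the status strings are assumptions.

```python
# Constructed sample data shaped like the EC2 DescribeSubnets and
# EFS DescribeMountTargets responses (all IDs are made up).
SUBNETS = {"Subnets": [
    {"SubnetId": "subnet-0aaa", "MapPublicIpOnLaunch": True,
     "AssignIpv6AddressOnCreation": False},
    {"SubnetId": "subnet-0bbb", "MapPublicIpOnLaunch": False,
     "AssignIpv6AddressOnCreation": False},
    {"SubnetId": "subnet-0ccc", "MapPublicIpOnLaunch": False,
     "AssignIpv6AddressOnCreation": True},
]}
MOUNT_TARGETS = {"MountTargets": [
    {"MountTargetId": "fsmt-0001", "FileSystemId": "fs-0001", "SubnetId": "subnet-0aaa"},
    {"MountTargetId": "fsmt-0002", "FileSystemId": "fs-0001", "SubnetId": "subnet-0bbb"},
    {"MountTargetId": "fsmt-0003", "FileSystemId": "fs-0002", "SubnetId": "subnet-0ccc"},
    {"MountTargetId": "fsmt-0004", "FileSystemId": "fs-0002", "SubnetId": "subnet-0ddd"},
]}

# Subnet attributes that cause automatic public IPv4 / IPv6 assignment.
AUTO_ASSIGN_ATTRS = ("MapPublicIpOnLaunch", "AssignIpv6AddressOnCreation")


def evaluate_efs6(mount_targets, subnets):
    """Return one finding per mount target: PASSED, FAILED or UNKNOWN."""
    by_id = {s["SubnetId"]: s for s in subnets["Subnets"]}
    findings = []
    for mt in mount_targets["MountTargets"]:
        subnet = by_id.get(mt["SubnetId"])
        if subnet is None:
            # Subnet missing from the inventory (other account or region,
            # stale data): report it instead of assuming it is private.
            status, reasons = "UNKNOWN", ["subnet not in inventory"]
        else:
            reasons = [a for a in AUTO_ASSIGN_ATTRS if subnet.get(a)]
            status = "FAILED" if reasons else "PASSED"
        findings.append({
            "MountTargetId": mt["MountTargetId"],
            "FileSystemId": mt["FileSystemId"],
            "SubnetId": mt["SubnetId"],
            "Status": status,
            "Reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for f in evaluate_efs6(MOUNT_TARGETS, SUBNETS):
        print(f["Status"], f["MountTargetId"], f["SubnetId"], ", ".join(f["Reasons"]))
```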
Similar
- AWS Security Hub
- Internal