💼 [EFS.6] EFS mount targets should not be associated with subnets that assign public IP addresses on launch
- ID:
/frameworks/aws-fsbp-v1.0.0/efs/06
Stats
not available
Description
Subnets have attributes that determine whether network interfaces automatically receive public IPv4 and IPv6 addresses. For IPv4, this attribute is set to TRUE for default subnets and FALSE for nondefault subnets (with an exception for nondefault subnets created through the EC2 launch instance wizard, where it's set to TRUE). For IPv6, this attribute is set to FALSE for all subnets by default. When these attributes are enabled, instances launched in the subnet automatically receive the corresponding IP addresses (IPv4 or IPv6) on their primary network interface. Amazon EFS mount targets that are launched into subnets that have this attribute enabled have a public IP address assigned to their primary network interface.
Similar
- AWS Security Hub
- Internal
- ID:
dec-c-f8e0fcb5
- ID:
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|
Policies (1)
| Policy | Logic Count | Flags | Compliance |
|---|---|---|---|
| 🛡️ AWS EFS Mount Target is in a subnet that assigns public IP addresses on launch🟢 | 1 | 🟢 x6 | no data |