Network misconfigurations

VPC allows automatic public IP assignment

Description

A virtual private cloud (VPC) is a private virtual network in your AWS account, logically isolated from other virtual networks in the AWS cloud. A VPC subnet is a subdivision of the VPC network with its own range of IP addresses. A VPC subnet can be private or public, meaning that the IP addresses within the subnet are private or public. It was found that the subnet {AwsSubnet} automatically assigns public IPv4 addresses to instances at launch, which might expose your resources to the internet.
  • Recommended Mitigation

    It is recommended to disable automatic public IP assignment for VPC subnets by making sure that the subnet attribute 'MapPublicIpOnLaunch' is set to false wherever it is set. From the AWS VPC console, this is done by clearing the 'Enable auto-assign public IPv4 address' checkbox under 'Subnet Actions, Modify auto-assign IP settings' for your subnet.
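The following is an added example (not code from the original finding or from AWS) showing how the same check can be run programmatically. It assumes the boto3 EC2 client API (describe_subnets and modify_subnet_attribute); the stub client, the sample DescribeSubnets response and the subnet/VPC ids in it are constructed for offline use.

```python
"""Audit VPC subnets that auto-assign public IPv4 addresses; optionally fix them.

Added example. The EC2 client is passed in so the logic can run against a real
boto3 client (boto3.client("ec2", region_name=...)) or an offline stand-in.
"""
from typing import Any, Dict, List


def find_auto_assign_subnets(response: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Return the subnets in a DescribeSubnets response with MapPublicIpOnLaunch true.

    A subnet whose response entry lacks the key is treated as false.
    """
    flagged = []
    for subnet in response.get("Subnets", []):
        if subnet.get("MapPublicIpOnLaunch", False):
            flagged.append({
                "SubnetId": subnet["SubnetId"],
                "VpcId": subnet.get("VpcId"),
                "CidrBlock": subnet.get("CidrBlock"),
            })
    return flagged


def audit_and_fix(ec2: Any, remediate: bool = False) -> List[str]:
    """Audit every subnet visible to the client and return the flagged subnet ids.

    With remediate=True, each flagged subnet's MapPublicIpOnLaunch attribute is
    set to false (the same change as clearing the console checkbox). Results are
    paged with NextToken in case the client limits page size.
    """
    flagged: List[Dict[str, Any]] = []
    kwargs: Dict[str, Any] = {}
    while True:
        page = ec2.describe_subnets(**kwargs)
        flagged.extend(find_auto_assign_subnets(page))
        token = page.get("NextToken")
        if not token:
            break
        kwargs = {"NextToken": token}

    for s in flagged:
        print(f"{s['SubnetId']} (vpc {s['VpcId']}, {s['CidrBlock']}): MapPublicIpOnLaunch=true")
        if remediate:
            ec2.modify_subnet_attribute(
                SubnetId=s["SubnetId"],
                MapPublicIpOnLaunch={"Value": False},
            )
    return [s["SubnetId"] for s in flagged]


# Constructed sample response in the DescribeSubnets shape (ids are made up).
SAMPLE_RESPONSE: Dict[str, Any] = {
    "Subnets": [
        {"SubnetId": "subnet-0aaa", "VpcId": "vpc-0123", "CidrBlock": "10.0.1.0/24",
         "MapPublicIpOnLaunch": True},
        {"SubnetId": "subnet-0bbb", "VpcId": "vpc-0123", "CidrBlock": "10.0.2.0/24",
         "MapPublicIpOnLaunch": False},
        {"SubnetId": "subnet-0ccc", "VpcId": "vpc-0123", "CidrBlock": "10.0.3.0/24"},
    ]
}


class StubEc2:
    """Offline stand-in for the boto3 EC2 client; records attribute changes."""

    def __init__(self, response: Dict[str, Any]) -> None:
        self._response = response
        self.modified: List[tuple] = []

    def describe_subnets(self, **kwargs: Any) -> Dict[str, Any]:
        return self._response

    def modify_subnet_attribute(self, **kwargs: Any) -> None:
        self.modified.append((kwargs["SubnetId"], kwargs["MapPublicIpOnLaunch"]["Value"]))


if __name__ == "__main__":
    client = StubEc2(SAMPLE_RESPONSE)   # replace with boto3.client("ec2") for a real audit
    print("flagged:", audit_and_fix(client, remediate=False))
```

Changing the attribute only affects instances launched afterwards: addresses already assigned to running instances are not removed, and a launch request can still ask for a public IP explicitly on its primary network interface, so the subnet setting is a default, not an enforcement point.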