Skip to main content

lacework-global-128

EC2 instances should not have a Public IP address attached

Description

It is generally recommended to use an Internet Gateway or Network Address Translation (NAT) Gateway for outbound internet access, and a Load balancer for inbound access.

Remediation

Recreate, stop or terminate EC2 instances with public IP addresses.

  1. Log in to the AWS Management Console.
  2. Select Services.
  3. Select EC2.
  4. In the left navigation panel, under Instances, select Instances.
  5. Click the gear icon to display the Preferences.
  6. Under Attribute columns, toggle Public IPV4 address to on (toggle to the right).
  7. Check if there are any EC2 instances with a public IP address in the Public IPv4 address column.
  8. If an EC2 instance with a public IP address is not required, stop or terminate the instance.
  9. If a required EC2 instance with a public IP address does not need a public IP address, create an Amazon Machine Image (AMI) from the EC2 instance, launch a new EC2 instance using the AMI, selecting Disable against Auto-assign Public IP, and stop or terminate the original EC2 instance.
  10. Repeat this procedure for all regions used by your organization.