lacework-global-724
Instance has a public IP address (Automated)
Description
Alert when a Compute instance has a public IP address assigned to one of its Virtual Network Interface Cards (VNICs).
Remediation
From Console:
- Open the navigation menu and click Compute. Under Compute, click Instances.
- Click the instance to view its details.
- Under Resources, click Attached VNICs.
- Click the VNIC with the public IP address.
- Under Resources, click IPv4 Addresses.
- For the VNIC's primary private IP, click the Actions menu, and then click Edit.
- In the Public IP Address section, for Public IP Type, select the radio button for No Public IP.
- Click Update.
From CLI:
Run the following code snippet:
# Walk every subscribed region and every compartment, printing each VNIC that carries a public IP.
for region in $(oci iam region list | jq -r '.data[] | .name')
do
  echo "Enumerating region $region"
  for compid in $(oci iam compartment list --all --include-root --compartment-id-in-subtree TRUE 2>/dev/null | jq -r '.data[] | .id')
  do
    echo "Enumerating compartment $compid"
    # --region makes the compute calls actually target the region being iterated.
    for vmid in $(oci --region "$region" compute instance list --all --compartment-id "$compid" 2>/dev/null | jq -r '.data[] | .id')
    do
      # Keep only VNICs whose public-ip field is set.
      output=$(oci --region "$region" compute instance list-vnics --instance-id "$vmid" 2>/dev/null | jq -r '.data[] | select(."public-ip" != null)')
      if [ -n "$output" ]; then echo "Instance ID=$vmid VNIC=$output"; fi
    done
  done
done
For each instance reported by the preceding command, run:
oci compute instance list-vnics --instance-id <instance_ocid>
For each public IP, run:
oci network public-ip delete --public-ip-id <public_ip_ocid>
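The CLI steps above combined into one script, as an added example that is not part of the Lacework policy or of the OCI CLI: it resolves each public IP address that list-vnics reports to its OCID with `oci network public-ip get --public-ip-address` (a flag this example assumes), deletes EPHEMERAL addresses, and skips RESERVED ones unless explicitly told otherwise, since deleting a reserved IP destroys an address the tenancy may intend to keep. The function names and the sample records are constructed for this example.

```python
import json
import subprocess

# Constructed sample of the 'data' array returned by `oci compute instance list-vnics`,
# trimmed to the fields used here; not real output.
SAMPLE_VNICS = [
    {"id": "ocid1.vnic.oc1.phx.aaa", "is-primary": True, "public-ip": "203.0.113.10"},
    {"id": "ocid1.vnic.oc1.phx.bbb", "is-primary": False, "public-ip": None},
]
# Constructed public-ip records keyed by address, standing in for
# `oci network public-ip get --public-ip-address <ip>` when running offline.
SAMPLE_PUBLIC_IPS = {
    "203.0.113.10": {"id": "ocid1.publicip.oc1.phx.ccc", "lifetime": "EPHEMERAL"},
}

def oci_data(args, region):
    """Run an oci CLI command (JSON output is the default) and return its 'data' element."""
    proc = subprocess.run(["oci", "--region", region, *args],
                          check=True, capture_output=True, text=True)
    return json.loads(proc.stdout)["data"]

def plan(vnics, lookup):
    """Return (vnic_id, address, public_ip_ocid, lifetime) for each VNIC with a public IP.
    `lookup` maps an address to its public-ip record, so the logic runs without the CLI."""
    result = []
    for vnic in vnics:
        address = vnic.get("public-ip")
        if not address:  # list-vnics reports null when no public IP is assigned
            continue
        record = lookup(address)
        result.append((vnic["id"], address, record["id"], record["lifetime"]))
    return result

def remediate(instance_id, region, delete_reserved=False, dry_run=True):
    """Delete the public IPs on one instance's VNICs; returns the public-ip OCIDs acted on.
    RESERVED addresses are skipped unless delete_reserved=True."""
    vnics = oci_data(["compute", "instance", "list-vnics", "--instance-id", instance_id], region)
    lookup = lambda ip: oci_data(["network", "public-ip", "get", "--public-ip-address", ip], region)
    targets = []
    for vnic_id, address, pip_id, lifetime in plan(vnics, lookup):
        if lifetime == "RESERVED" and not delete_reserved:
            print(f"skipping RESERVED {address} ({pip_id}) on {vnic_id}")
            continue
        print(f"{'would delete' if dry_run else 'deleting'} {lifetime} {address} ({pip_id}) on {vnic_id}")
        if not dry_run:  # --force skips the CLI's interactive confirmation prompt
            subprocess.run(["oci", "--region", region, "network", "public-ip", "delete",
                            "--public-ip-id", pip_id, "--force"], check=True)
        targets.append(pip_id)
    return targets
```

Run `remediate("<instance_ocid>", "<region>")` first with the default dry_run=True to review what would be removed, then with dry_run=False.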