Ensure that your app-tier EC2 instances are not associated with Elastic or public IP addresses, since these instances do not need to be reachable from the Internet. This conformity rule assumes that all AWS resources created within your app tier are tagged with <app_tier_tag>:<app_tier_tag_value>, where <app_tier_tag> is the tag name and <app_tier_tag_value> is the tag value. Before the Cloud Conformity engine runs this rule, the app-tier tags must be configured in the rule settings on your Cloud Conformity account dashboard.
When your app-tier EC2 instances have no Elastic or public IP address, they cannot be reached directly from the Internet: any inbound traffic must arrive through a resource you control in front of them, such as a load balancer, and outbound traffic leaves through a NAT gateway or VPC endpoints rather than a routable address on the instance itself. Security groups and network ACLs still apply, but removing the public address removes the direct attack surface.
Note: Make sure that you replace all <app_tier_tag>:<app_tier_tag_value> tag placeholders found in the conformity rule content with your own tag name and value created for the app tier.
To determine if your app-tier EC2 instances are associated with Public or Elastic IPs, perform the following:
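The audit can be scripted against the output of `aws ec2 describe-instances --filters "Name=tag:<app_tier_tag>,Values=<app_tier_tag_value>"` (or the equivalent boto3 `describe_instances` call). The following is an added example and not part of the original rule content: it walks a describe-instances response, keeps only instances carrying the app-tier tag, and reports every public IPv4 address, distinguishing an auto-assigned public IP (the `Association.IpOwnerId` value is `amazon`, Case A below) from an Elastic IP (the owner is your account ID, Case B below). The reservation data, tag name `tier`, tag value `app`, instance IDs and addresses are all constructed for the example.

```python
"""Audit app-tier EC2 instances for public or Elastic IPv4 addresses.

Added example (not Cloud Conformity's engine): operates on the JSON
structure returned by `aws ec2 describe-instances` / boto3
describe_instances(). Feed it json.load()-ed output in place of the
constructed sample below.
"""
from typing import Dict, List

# Constructed sample shaped like a describe-instances response.
# Tag name "tier" / value "app" stand in for <app_tier_tag>:<app_tier_tag_value>.
SAMPLE_RESERVATIONS = [
    {"Instances": [
        # Auto-assigned public IP: IpOwnerId is "amazon" (Case A)
        {"InstanceId": "i-0aaa111",
         "Tags": [{"Key": "tier", "Value": "app"}],
         "PublicIpAddress": "203.0.113.10",
         "NetworkInterfaces": [{"Association": {
             "PublicIp": "203.0.113.10", "IpOwnerId": "amazon"}}]},
        # Elastic IP: IpOwnerId is the owning account ID (Case B)
        {"InstanceId": "i-0bbb222",
         "Tags": [{"Key": "tier", "Value": "app"}],
         "PublicIpAddress": "203.0.113.20",
         "NetworkInterfaces": [{"Association": {
             "PublicIp": "203.0.113.20", "IpOwnerId": "123456789012"}}]},
        # Compliant: private-only interface
        {"InstanceId": "i-0ccc333",
         "Tags": [{"Key": "tier", "Value": "app"}],
         "NetworkInterfaces": [{"PrivateIpAddress": "10.0.2.15"}]},
        # Not app tier: ignored by this rule even though it is public
        {"InstanceId": "i-0ddd444",
         "Tags": [{"Key": "tier", "Value": "web"}],
         "PublicIpAddress": "203.0.113.40",
         "NetworkInterfaces": [{"Association": {
             "PublicIp": "203.0.113.40", "IpOwnerId": "amazon"}}]},
    ]}
]


def has_tag(instance: Dict, key: str, value: str) -> bool:
    """True if the instance carries the exact Key/Value tag pair."""
    return any(t.get("Key") == key and t.get("Value") == value
               for t in instance.get("Tags", []))


def classify_public_addresses(instance: Dict) -> List[Dict]:
    """Return one finding per public IPv4 address on the instance.

    Kind is "public-ip" for an AWS-owned auto-assigned address and
    "elastic-ip" for an address owned by an account (an EIP).
    """
    findings = []
    for eni in instance.get("NetworkInterfaces", []):
        assoc = eni.get("Association") or {}
        public_ip = assoc.get("PublicIp")
        if not public_ip:
            continue
        if assoc.get("IpOwnerId") == "amazon":
            findings.append({"PublicIp": public_ip, "Kind": "public-ip",
                             "Remediation": "relaunch without public IP"})
        else:
            findings.append({"PublicIp": public_ip, "Kind": "elastic-ip",
                             "Remediation": "disassociate the Elastic IP"})
    # Defensive fallback: older tooling may omit ENI association details.
    if not findings and instance.get("PublicIpAddress"):
        findings.append({"PublicIp": instance["PublicIpAddress"],
                         "Kind": "unknown",
                         "Remediation": "inspect the instance's addresses"})
    return findings


def audit_app_tier(reservations: List[Dict], tag_key: str,
                   tag_value: str) -> Dict[str, List[Dict]]:
    """Map each non-compliant app-tier instance ID to its findings."""
    results: Dict[str, List[Dict]] = {}
    for reservation in reservations:
        for inst in reservation.get("Instances", []):
            if not has_tag(inst, tag_key, tag_value):
                continue
            findings = classify_public_addresses(inst)
            if findings:
                results[inst["InstanceId"]] = findings
    return results


if __name__ == "__main__":
    for iid, items in audit_app_tier(SAMPLE_RESERVATIONS, "tier", "app").items():
        for f in items:
            print(f"{iid}: {f['Kind']} {f['PublicIp']} -> {f['Remediation']}")
```

Run against real data with `aws ec2 describe-instances --output json > instances.json` and pass `json.load(open("instances.json"))["Reservations"]` to `audit_app_tier`. The `IpOwnerId` check is what turns a list of public addresses into the two remediation paths the rule describes.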
Remediation / Resolution
Case A: An auto-assigned public IP address cannot be removed from a running instance; to get rid of it you must re-launch the instance with the appropriate network configuration, that is, into a subnet whose auto-assign public IPv4 setting is disabled, or with public IP assignment explicitly turned off on the primary network interface at launch. Make sure the instance's outbound path (NAT gateway or VPC endpoints) is in place before you re-launch, or the application will lose Internet access it may depend on. To re-launch your app-tier instance, perform the following actions:
Case B: To remove an Elastic IP (EIP) address from an app-tier EC2 instance, you need to disassociate the instance EIP. Note that disassociating does not release the address: an unassociated EIP keeps accruing charges until you release it, and if the instance was launched with an auto-assigned public IP, AWS may assign a fresh public address once the EIP is removed, in which case Case A also applies. To disassociate the existing Elastic IP, perform the following:
You are auditing:
App-Tier EC2 Instances Without Elastic or Public IP Addresses
Risk level: Medium