Ensure that your web-tier EC2 instances are not associated with Elastic or Public IP addresses: these instances are usually deployed behind an internet-facing load balancer and do not need to be publicly reachable. This conformity rule assumes that all AWS resources (including EC2 instances) created within your web tier are tagged with <web_tier_tag>:<web_tier_tag_value>, where <web_tier_tag> represents the tag name and <web_tier_tag_value> represents the tag value. Before the Cloud Conformity engine runs this rule, the web-tier tags must be configured in the rule settings on your Cloud Conformity account dashboard.
Without an Elastic or Public IP address associated with your web-tier EC2 instance, no inbound traffic can reach the instance directly from the Internet; traffic arrives only through the load balancer in front of it.
Note: Make sure that you replace all <web_tier_tag>:<web_tier_tag_value> tag placeholders found in the conformity rule content with your own tag name and value created for the web tier.
To determine if your web-tier EC2 instances are associated with Public or Elastic IP Addresses, perform the following actions:
Remediation / Resolution
Case A: To remove a Public IP address from a web-tier EC2 instance, you must re-launch the instance with the right network interface configuration. To re-launch your web-tier instance, perform the following actions:
Case B: To remove an Elastic IP (EIP) address from a web-tier EC2 instance, you need to disassociate the instance EIP. To disassociate the existing Elastic IP, perform the following:
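The following script is an added example, not Cloud Conformity's own rule engine or remediation code. It implements the audit described above (web-tier instances that carry an auto-assigned Public IP or an Elastic IP) and both remediation cases: for Case B it calls the EC2 `disassociate_address` API, and for Case A it builds the `run_instances` network-interface parameters that re-launch an instance without a public IPv4 address. The check operates on the plain dictionaries that boto3's `describe_instances()` and `describe_addresses()` return, so it runs offline here against a constructed sample; the instance ids, IP addresses, allocation/association ids and the `<web_tier_tag>` placeholders are all made up and must be replaced with your own values.

```python
"""Audit and remediate web-tier EC2 instances that expose a Public or Elastic IP.

Added example (not Cloud Conformity code). Works on the dict structures returned
by boto3's ec2.describe_instances() and ec2.describe_addresses().
"""

WEB_TIER_TAG_KEY = "<web_tier_tag>"          # placeholder: your web-tier tag name
WEB_TIER_TAG_VALUE = "<web_tier_tag_value>"  # placeholder: your web-tier tag value


def is_web_tier(instance, tag_key, tag_value):
    """True if the instance carries the configured web-tier tag."""
    return any(t.get("Key") == tag_key and t.get("Value") == tag_value
               for t in instance.get("Tags", []))


def find_public_web_tier_instances(reservations, addresses, tag_key, tag_value):
    """Return {instance_id: finding} for web-tier instances reachable from the Internet.

    finding["public_ip"]       -> auto-assigned public IPv4 (Case A) or None
    finding["eip_association"] -> Elastic IP association id (Case B) or None
    """
    # describe_addresses() lists EIPs; keep only those attached to an instance
    eip_by_instance = {a["InstanceId"]: a["AssociationId"]
                       for a in addresses if "InstanceId" in a and "AssociationId" in a}
    findings = {}
    for reservation in reservations:
        for inst in reservation.get("Instances", []):
            if not is_web_tier(inst, tag_key, tag_value):
                continue
            iid = inst["InstanceId"]
            assoc = eip_by_instance.get(iid)
            # PublicIpAddress is also set when an EIP is attached, so an EIP
            # takes precedence and is reported as Case B rather than Case A
            public_ip = None if assoc else inst.get("PublicIpAddress")
            if public_ip or assoc:
                findings[iid] = {"public_ip": public_ip, "eip_association": assoc}
    return findings


def disassociate_web_tier_eips(ec2, findings):
    """Case B: detach each Elastic IP from the flagged instances.

    `ec2` is any object exposing disassociate_address(AssociationId=...),
    e.g. boto3.client("ec2"). Returns the association ids that were released.
    """
    released = []
    for finding in findings.values():
        assoc = finding["eip_association"]
        if assoc:
            ec2.disassociate_address(AssociationId=assoc)
            released.append(assoc)
    return released


def private_launch_params(image_id, instance_type, subnet_id, security_group_ids,
                          tag_key, tag_value):
    """Case A: run_instances() keyword arguments that re-launch a web-tier
    instance whose primary network interface gets no public IPv4 address."""
    return {
        "ImageId": image_id,
        "InstanceType": instance_type,
        "MinCount": 1,
        "MaxCount": 1,
        "NetworkInterfaces": [{
            "DeviceIndex": 0,
            "SubnetId": subnet_id,
            "Groups": security_group_ids,
            "AssociatePublicIpAddress": False,  # the setting this rule checks
        }],
        "TagSpecifications": [{
            "ResourceType": "instance",
            "Tags": [{"Key": tag_key, "Value": tag_value}],
        }],
    }


# Constructed sample data in the shape of describe_instances()/describe_addresses()
SAMPLE_RESERVATIONS = [{"Instances": [
    {"InstanceId": "i-0aaa", "PublicIpAddress": "203.0.113.10",
     "Tags": [{"Key": WEB_TIER_TAG_KEY, "Value": WEB_TIER_TAG_VALUE}]},  # Case A
    {"InstanceId": "i-0bbb", "PublicIpAddress": "203.0.113.20",
     "Tags": [{"Key": WEB_TIER_TAG_KEY, "Value": WEB_TIER_TAG_VALUE}]},  # Case B (EIP below)
    {"InstanceId": "i-0ccc", "PrivateIpAddress": "10.0.1.5",
     "Tags": [{"Key": WEB_TIER_TAG_KEY, "Value": WEB_TIER_TAG_VALUE}]},  # compliant
    {"InstanceId": "i-0ddd", "PublicIpAddress": "203.0.113.30",
     "Tags": [{"Key": "tier", "Value": "bastion"}]},                      # not web tier
]}]
SAMPLE_ADDRESSES = [{"InstanceId": "i-0bbb", "PublicIp": "203.0.113.20",
                     "AllocationId": "eipalloc-0example",
                     "AssociationId": "eipassoc-0example"}]

if __name__ == "__main__":
    findings = find_public_web_tier_instances(SAMPLE_RESERVATIONS, SAMPLE_ADDRESSES,
                                              WEB_TIER_TAG_KEY, WEB_TIER_TAG_VALUE)
    for iid, f in sorted(findings.items()):
        case = "B (Elastic IP)" if f["eip_association"] else "A (auto-assigned Public IP)"
        print(f"{iid}: non-compliant, case {case}")
    # Against a live account, replace the sample data with:
    #   import boto3; ec2 = boto3.client("ec2")
    #   reservations = [r for page in ec2.get_paginator("describe_instances").paginate()
    #                   for r in page["Reservations"]]
    #   addresses = ec2.describe_addresses()["Addresses"]
    # then call disassociate_web_tier_eips(ec2, findings) for Case B and
    # ec2.run_instances(**private_launch_params(...)) to replace Case A instances.
```

Run it as-is to see the two sample findings; against a real account, the paginator matters because `describe_instances()` returns at most one page per call, and an unpaginated audit silently misses instances.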
Rule: Web-Tier EC2 Instances Without Elastic or Public IP Addresses
Risk level: Medium