
VPC subnets should not allow automatic public IP assignment

Description

A VPC subnet is a segment of the VPC with its own rules for traffic. Automatically assigning a public IP to instances on launch can accidentally expose the instances in that subnet to the internet, so the setting should be changed to 'No' after the subnet is created.

Fix - Buildtime

Terraform

  • Resource: aws_subnet
  • Argument: map_public_ip_on_launch

aws_subnet.test.tf

```hcl
resource "aws_subnet" "test" {
  ...
+ map_public_ip_on_launch = false
}
```
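The buildtime fix above covers new Terraform; for subnets that already exist (the post-creation case the description mentions) the attribute has to be audited at runtime. The script below is an added example, not part of this policy page: it assumes the JSON layout returned by `aws ec2 describe-subnets`, embeds a constructed sample so it runs offline, and emits the `modify-subnet-attribute` call that turns the setting off for each finding.

```python
"""Audit AWS subnets whose MapPublicIpOnLaunch attribute is enabled.

Added example, not part of the original policy page. It consumes the JSON
shape returned by `aws ec2 describe-subnets` and reports every subnet that
assigns a public IP on launch, together with the CLI call that turns it off.
"""
import json

# Constructed sample in the shape of `aws ec2 describe-subnets --output json`.
SAMPLE_DESCRIBE_SUBNETS = json.dumps({
    "Subnets": [
        {"SubnetId": "subnet-0aaa111", "VpcId": "vpc-0123", "CidrBlock": "10.0.1.0/24",
         "MapPublicIpOnLaunch": True,
         "Tags": [{"Key": "Name", "Value": "web-public"}]},
        {"SubnetId": "subnet-0bbb222", "VpcId": "vpc-0123", "CidrBlock": "10.0.2.0/24",
         "MapPublicIpOnLaunch": False,
         "Tags": [{"Key": "Name", "Value": "app-private"}]},
        {"SubnetId": "subnet-0ccc333", "VpcId": "vpc-0456", "CidrBlock": "10.1.1.0/24",
         "MapPublicIpOnLaunch": True},
    ]
})


def find_auto_public_ip_subnets(describe_output: str) -> list[dict]:
    """Return the subnets that assign a public IP on launch.

    Each finding carries the subnet id, VPC, CIDR, Name tag (if present) and
    the remediation command. A missing attribute is treated as False, the
    default for a subnet created in a non-default VPC.
    """
    findings = []
    for subnet in json.loads(describe_output).get("Subnets", []):
        if not subnet.get("MapPublicIpOnLaunch", False):
            continue
        name = next((t["Value"] for t in subnet.get("Tags", []) if t.get("Key") == "Name"), "")
        subnet_id = subnet["SubnetId"]
        findings.append({
            "subnet_id": subnet_id,
            "vpc_id": subnet.get("VpcId", ""),
            "cidr": subnet.get("CidrBlock", ""),
            "name": name,
            # Runtime fix: the attribute can be switched off in place.
            "fix": f"aws ec2 modify-subnet-attribute --subnet-id {subnet_id} --no-map-public-ip-on-launch",
        })
    return findings


if __name__ == "__main__":
    for f in find_auto_public_ip_subnets(SAMPLE_DESCRIBE_SUBNETS):
        print(f"{f['subnet_id']} ({f['name'] or 'unnamed'}, {f['cidr']} in {f['vpc_id']}): {f['fix']}")
```

To run it against a real account, pipe the output of `aws ec2 describe-subnets --output json` into `find_auto_public_ip_subnets` instead of the constructed sample.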