A VPC subnet is a component of the VPC that has its own traffic rules. When a public IP is assigned to a subnet during launch, it may unintentionally expose the instances in the subnet to the internet. Therefore, it is recommended to set the option to 'No' after creating the subnet to prevent this from happening.
To ensure that subnets in a VPC do not assign public IP addresses by default, you can take the following remediation steps:
- Log in to the AWS Management Console and navigate to the VPC service.
- Select the VPC for which you want to disable the automatic assignment of public IP addresses.
- Click on "Subnets" in the left navigation pane to view the list of subnets in the VPC.
- Select the subnet for which you want to disable the automatic assignment of public IP addresses.
- Click on the "Actions" button and select "Modify auto-assign IP settings" from the dropdown menu.
- Change the "Auto-assign IPv4" option to "No" to disable the automatic assignment of public IP addresses.
- Click on the "Save" button to apply the changes.
Once the automatic assignment of public IP addresses is disabled, new instances launched in the subnet will not be assigned a public IP address by default. If an instance requires a public IP address, you can manually assign an Elastic IP address to the instance to enable external connectivity.
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.