aws-vpc-assign-public-ip
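Ensure VPC subnets do not assign public IP addresses by default. A subnet with this setting enabled gives every instance launched into it a public IPv4 address unless the launch request overrides it, so a workload can become internet-addressable without anyone having chosen that.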
Examples
Insecure Example (Terraform, followed by the equivalent CloudFormation resource)
# Insecure: every instance launched into this subnet receives a public IPv4
# address unless the launch request says otherwise.
resource "aws_subnet" "main" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.1.0/24"

  # This is the setting the check flags. Whether an instance is then reachable
  # from the internet still depends on the subnet's routing and on security
  # groups, but the public address is handed out without anyone asking for it.
  map_public_ip_on_launch = true

  tags = {
    Name = "Main"
  }
}
{
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"CidrBlock" : "10.0.1.0/24",
"MapPublicIpOnLaunch" : true,
"VpcId" : {"Ref": "VPC"}
}
}
Secure Example (Terraform, followed by the equivalent CloudFormation resource)
# Secure: instances launched into this subnet get only a private address by
# default.
resource "aws_subnet" "main" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.1.0/24"

  # false is also the provider default when the argument is omitted; setting it
  # explicitly keeps the intent visible in review. It is a subnet default, not
  # an enforcement: a launch can still request a public IP explicitly (for
  # example associate_public_ip_address on aws_instance), so the instance side
  # needs its own check.
  map_public_ip_on_launch = false

  tags = {
    Name = "Main"
  }
}
{
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"CidrBlock" : "10.0.1.0/24",
"MapPublicIpOnLaunch" : false,
"VpcId" : {"Ref": "VPC"}
}
}