
aws-vpc-assign-public-ip

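Ensure VPC subnets do not assign public IP addresses by default. A subnet with this setting enabled gives every instance launched into it a public IPv4 address automatically, so a workload meant to be internal becomes reachable from the internet whenever the subnet's route table and security groups allow it.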

Examples

Insecure Example (Terraform, followed by the equivalent CloudFormation resource)

# Insecure: instances launched into this subnet receive a public IPv4 address
# by default, unless the launch request explicitly opts out.
resource "aws_subnet" "main" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.1.0/24"

  # This is the setting the aws-vpc-assign-public-ip check reports.
  map_public_ip_on_launch = true

  tags = {
    Name = "Main"
  }
}
{
  "Type" : "AWS::EC2::Subnet",
  "Properties" : {
      "CidrBlock" : "10.0.1.0/24",
      "MapPublicIpOnLaunch" : true,
      "VpcId" : {"Ref": "VPC"}
    }
}

Secure Example (Terraform, followed by the equivalent CloudFormation resource)

# Secure: instances launched into this subnet get only a private address
# unless a public IP is requested explicitly at launch.
resource "aws_subnet" "main" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.1.0/24"

  # Stating the value explicitly keeps the intent visible in review.
  # Note: this governs only the subnet default; an instance or launch
  # template that sets associate_public_ip_address can still override it,
  # so those resources need their own review.
  map_public_ip_on_launch = false

  tags = {
    Name = "Main"
  }
}
{
  "Type" : "AWS::EC2::Subnet",
  "Properties" : {
      "CidrBlock" : "10.0.1.0/24",
      "MapPublicIpOnLaunch" : false,
      "VpcId" : {"Ref": "VPC"}
    }
}

More information