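This detector flags EC2 instances that are configured with a public IP address. A public IP makes the instance directly addressable from the internet, so to minimize the risk of unauthorized access to your instances, do not allow public IP associations unless absolutely necessary.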
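# Noncompliant example: the instance asks for a public IPv4 address at launch.
# (Listing repaired: fused line-number residue removed and the resource block closed.)
resource "aws_instance" "public_ins" {
  ami           = "ami-0130bec6e5047f596"
  instance_type = "t3.nano"

  # Noncompliant: `associate_public_ip_address` is set to true.
  # With a public IPv4 address the instance is addressable from the internet;
  # the attached security group, the subnet's route table and its network ACLs
  # are then the only controls limiting who can reach it.
  associate_public_ip_address = true

  # NOTE(review): the group name suggests permissive ingress; its rules are not
  # shown on this page, so confirm what it actually allows.
  vpc_security_group_ids = [aws_security_group.publicly_accessible_sg.id]
  subnet_id              = aws_subnet.nondefault_1.id
  iam_instance_profile   = aws_iam_instance_profile.example_instance_profile.name
  monitoring             = true
  ebs_optimized          = true

  metadata_options {
    # `http_endpoint = "disabled"` turns the instance metadata service off, so
    # the token and hop-limit settings only matter if it is re-enabled.
    # Instance-profile role credentials are served through that service, so
    # software on the instance cannot fetch them while it is disabled.
    http_tokens                 = "required"
    http_endpoint               = "disabled"
    http_put_response_hop_limit = 1
  }

  root_block_device {
    volume_type = "gp2"
    volume_size = 8
    # Root volume is encrypted at rest; no `kms_key_id` is set in this block.
    encrypted             = true
    delete_on_termination = true
  }
}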
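# Compliant example: the instance does not receive a public IPv4 address at launch.
# (Listing repaired: fused line-number residue removed.)
resource "aws_instance" "public_ins" {
  ami           = "ami-0130bec6e5047f596"
  instance_type = "t3.nano"

  # Compliant: `associate_public_ip_address` is set to false.
  # Setting it explicitly also overrides a subnet that auto-assigns public
  # addresses (`map_public_ip_on_launch`). It does not cover an Elastic IP
  # attached separately (`aws_eip` / `aws_eip_association`), so review those
  # resources as well when checking for public exposure.
  associate_public_ip_address = false

  # NOTE(review): the group name suggests permissive ingress; its rules are not
  # shown on this page. Without a public IP the group still governs traffic
  # arriving from inside the VPC, peered networks or VPN, so keep it narrow.
  vpc_security_group_ids = [aws_security_group.publicly_accessible_sg.id]
  subnet_id              = aws_subnet.nondefault_1.id
  iam_instance_profile   = aws_iam_instance_profile.example_instance_profile.name
  monitoring             = true
  ebs_optimized          = true

  metadata_options {
    # `http_endpoint = "disabled"` turns the instance metadata service off, so
    # the token and hop-limit settings only matter if it is re-enabled.
    # Instance-profile role credentials are served through that service, so
    # software on the instance cannot fetch them while it is disabled.
    http_tokens                 = "required"
    http_endpoint               = "disabled"
    http_put_response_hop_limit = 1
  }

  root_block_device {
    volume_type = "gp2"
    volume_size = 8
    # Root volume is encrypted at rest; no `kms_key_id` is set in this block.
    encrypted             = true
    delete_on_termination = true
  }
}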