A Config rule that checks whether Amazon Elastic Compute Cloud (Amazon EC2) instances have a public IP association. The rule is NON_COMPLIANT if the publicIp field is present in the Amazon EC2 instance configuration item. This rule applies only to IPv4.
This config rule supports Auto Remediation actions using SSM Automation. The following actions are supported:
In addition to an action, a notification using an SNS Topic can be added to send a custom message when a non-compliant resource is detected. (Make sure to update the email address from the default email@example.com.)
AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Resources:
  ConfigRule:
    Type: 'AWS::Config::ConfigRule'
    Properties:
      ConfigRuleName: ec2-instance-no-public-ip
      Scope:
        ComplianceResourceTypes:
          - 'AWS::EC2::Instance'
      Description: >-
        A Config rule that checks whether Amazon Elastic Compute Cloud (Amazon
        EC2) instances have a public IP association. The rule is NON_COMPLIANT
        if the publicIp field is present in the Amazon EC2 instance
        configuration item. This rule applies only to IPv4
      Source:
        Owner: AWS
        SourceIdentifier: EC2_INSTANCE_NO_PUBLIC_IP
Parameters: {}
Metadata: {}
Conditions: {}
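As an added illustration (not AWS's own rule implementation), the function below evaluates a single Config configuration item the way the managed rule above is described to, including the IPv4-only caveat: an instance with only IPv6 addresses stays COMPLIANT. It assumes the public address surfaces as the publicIp field of a network interface association (or the top-level publicIpAddress field), and the sample configuration items are constructed, not captured from a real account.

```python
RULE_RESOURCE_TYPE = "AWS::EC2::Instance"


def public_ipv4(configuration):
    """Return the instance's public IPv4 address, or None if it has none.

    Assumption: the rule keys off the publicIp field of a network interface
    association; the top-level publicIpAddress field (the primary interface's
    address as reported by DescribeInstances) is treated the same way.
    """
    if configuration.get("publicIpAddress"):
        return configuration["publicIpAddress"]
    for eni in configuration.get("networkInterfaces") or []:
        assoc = eni.get("association") or {}
        if assoc.get("publicIp"):
            return assoc["publicIp"]
    return None  # IPv6 addresses are ignored: the rule applies only to IPv4


def evaluate(configuration_item):
    """Map a configuration item to a Config compliance type and annotation."""
    if configuration_item.get("resourceType") != RULE_RESOURCE_TYPE:
        return "NOT_APPLICABLE", "Rule evaluates only AWS::EC2::Instance"
    if configuration_item.get("configurationItemStatus") == "ResourceDeleted":
        return "NOT_APPLICABLE", "Instance has been terminated"
    ip = public_ipv4(configuration_item.get("configuration") or {})
    if ip:
        return "NON_COMPLIANT", f"Instance has public IPv4 address {ip}"
    return "COMPLIANT", "No public IPv4 association"


# Constructed sample configuration items (not captured from a real account).
SAMPLES = {
    "public": {"resourceType": RULE_RESOURCE_TYPE, "resourceId": "i-0aaa",
               "configuration": {"networkInterfaces": [
                   {"association": {"publicIp": "203.0.113.10"}}]}},
    "private": {"resourceType": RULE_RESOURCE_TYPE, "resourceId": "i-0bbb",
                "configuration": {"networkInterfaces": [
                    {"privateIpAddress": "10.0.1.5"}]}},
    "ipv6_only": {"resourceType": RULE_RESOURCE_TYPE, "resourceId": "i-0ccc",
                  "configuration": {"networkInterfaces": [
                      {"ipv6Addresses": [{"ipv6Address": "2001:db8::1"}]}]}},
    "deleted": {"resourceType": RULE_RESOURCE_TYPE, "resourceId": "i-0ddd",
                "configurationItemStatus": "ResourceDeleted",
                "configuration": {}},
}

if __name__ == "__main__":
    for name, item in SAMPLES.items():
        print(name, *evaluate(item))
```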
Configuration Source: AWS Documentation