Terraform Associate Public Ip Address True
Description
Detects when AWS EC2 instances or launch templates are configured to automatically associate a public IP address. A public IP places the instance directly on the internet-facing side of its VPC; combined with an internet gateway route and a permissive security group, this exposes the instance to the public internet, increases the attack surface, and conflicts with the recommended pattern of placing instances in private subnets with controlled egress (for example, a NAT gateway) and controlled ingress (for example, a load balancer or bastion).
Detection Strategy
• Analyze AWS resource definitions in Terraform (infrastructure-as-code) files
• Look for 'aws_instance' and 'aws_launch_template' resource blocks
• Check whether the resource sets 'associate_public_ip_address' to true; in 'aws_instance' this is a top-level argument, while in 'aws_launch_template' it sits inside a nested 'network_interfaces' block
• Report a vulnerability when an EC2 resource is configured to automatically receive a public IP address
• Note the limit of the check: when the argument is omitted, the instance inherits the subnet's 'map_public_ip_on_launch' setting, so an instance launched into a subnet that auto-assigns public IPs is not caught by this rule alone
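The detection strategy above, written out as working code. This is an added example, not Fluid Attacks' own scanner: a line-oriented scan of HCL that tracks brace depth to know which resource block it is inside and flags any literal 'true' (quoted or not) assigned to associate_public_ip_address within an 'aws_instance' or 'aws_launch_template' body, which covers the nested 'network_interfaces' case. It does not resolve values from variables or locals and is not a full HCL parser. The sample Terraform it runs on is constructed for the example; the names ('vulnerable', 'secure', 'web', 'public') and the VPC ID are made up.

```python
import re
from dataclasses import dataclass

# Resource types the check inspects. In aws_instance the attribute is top-level;
# in aws_launch_template it lives inside a nested network_interfaces block, so
# any occurrence anywhere inside the resource body counts.
TARGET_TYPES = {"aws_instance", "aws_launch_template"}

_RESOURCE_RE = re.compile(r'^\s*resource\s+"([^"]+)"\s+"([^"]+)"\s*\{')
# Literal true/false, optionally quoted ("true" still yields a public IP).
# Values such as var.x or local.x are not resolved and therefore not flagged.
_ATTR_RE = re.compile(r'^\s*associate_public_ip_address\s*=\s*("?)(true|false)\1\s*$')
_COMMENT_RE = re.compile(r"\s*(#|//).*$")


@dataclass(frozen=True)
class Finding:
    resource_type: str
    resource_name: str
    line: int


def find_public_ip_resources(hcl: str) -> list[Finding]:
    """Return one Finding per target resource line that sets associate_public_ip_address = true."""
    findings: list[Finding] = []
    current = None  # (type, name) of the target resource whose body we are inside
    depth = 0       # brace depth relative to that resource block
    for lineno, raw in enumerate(hcl.splitlines(), start=1):
        line = _COMMENT_RE.sub("", raw)  # comments may contain braces; drop them first
        if current is None:
            m = _RESOURCE_RE.match(line)
            if m and m.group(1) in TARGET_TYPES:
                current = (m.group(1), m.group(2))
                depth = line.count("{") - line.count("}")
            continue
        m = _ATTR_RE.match(line)
        if m and m.group(2) == "true":
            findings.append(Finding(current[0], current[1], lineno))
        depth += line.count("{") - line.count("}")
        if depth <= 0:  # closing brace of the resource block
            current = None
    return findings


# Constructed sample: two instances, one launch template with the nested form,
# and a subnet that auto-assigns public IPs (outside the scope of this check).
SAMPLE_TF = '''\
resource "aws_instance" "vulnerable" {
  ami                         = "ami-04b9e92b5572fa0d1"
  instance_type               = "t2.small"
  associate_public_ip_address = true   # flagged
}

resource "aws_instance" "secure" {
  ami                         = "ami-04b9e92b5572fa0d1"
  instance_type               = "t2.small"
  associate_public_ip_address = false
}

resource "aws_launch_template" "web" {
  name_prefix = "web-"
  network_interfaces {
    associate_public_ip_address = "true"  # string form, still a public IP
  }
}

resource "aws_subnet" "public" {
  vpc_id                  = "vpc-0123456789abcdef0"
  cidr_block              = "10.0.1.0/24"
  map_public_ip_on_launch = true   # not this rule's target, see the note above
}
'''

if __name__ == "__main__":
    for f in find_public_ip_resources(SAMPLE_TF):
        print(f"line {f.line}: {f.resource_type}.{f.resource_name} associates a public IP")
```

Run against the sample this reports the 'vulnerable' instance (line 4) and the 'web' launch template (line 16) and stays silent on the 'secure' instance and on the subnet, which is the gap the last bullet describes: catching that case needs a second rule on 'aws_subnet' or on instances whose 'subnet_id' points at such a subnet.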
Vulnerable code example
resource "aws_instance" "vulnerable" {
  ami           = "ami-04b9e92b5572fa0d1"
  instance_type = "t2.small"

  # Security risk: exposing the instance directly to the public internet
  associate_public_ip_address = true

  # Security risk: no encryption specified for EBS volumes...
}

✅ Secure code example
resource "aws_instance" "secure" {
  ami           = "ami-04b9e92b5572fa0d1"
  instance_type = "t2.small"

  # Disable public IP assignment to prevent direct internet exposure
  associate_public_ip_address = false

  # Enable encryption for EBS volumes...
}