Json Yaml Misconfigured Public Ip Address
Description
Detects when EC2 instances or launch templates in CloudFormation are configured to automatically assign public IP addresses. This creates unnecessary internet exposure for EC2 instances that don't require direct public access, violating the principle of least privilege.
Detection Strategy
• Check if the CloudFormation resource type is either AWS::EC2::Instance or AWS::EC2::LaunchTemplate
• Examine the resource properties to identify if AssociatePublicIpAddress is enabled
• Flag resources where public IP address assignment is configured, as this may create unnecessary internet exposure
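The three steps above, carried out against a parsed template, as an added example that is not Fluid Attacks' own detection code. It walks the Resources map, looks only at AWS::EC2::Instance and AWS::EC2::LaunchTemplate, and reports every network interface whose AssociatePublicIpAddress is true (CloudFormation accepts both the boolean and the string "true", so both are treated as enabled). For launch templates the property lives under LaunchTemplateData.NetworkInterfaces, the same list shape as on an instance. The template is embedded as constructed JSON; a YAML template would need a loader that understands CloudFormation's intrinsic tags (!Ref, !Sub) before the same walker could be applied, which is left out here.

```python
"""Flag CloudFormation resources that auto-assign public IP addresses.

Added example for this finding, not Fluid Attacks' scanner. The walker
takes an already parsed template (a dict) and returns one finding per
network interface that has AssociatePublicIpAddress enabled.
"""
import json

# Resource types to inspect, mapped to the path (inside Properties) of the
# NetworkInterfaces list where AssociatePublicIpAddress can appear.
FLAGGED_TYPES = {
    "AWS::EC2::Instance": ("NetworkInterfaces",),
    "AWS::EC2::LaunchTemplate": ("LaunchTemplateData", "NetworkInterfaces"),
}


def _is_enabled(value):
    """CloudFormation accepts a boolean or the strings 'true'/'false'."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() == "true"


def find_public_ip_assignments(template):
    """Return (logical id, resource type, interface index) for every
    interface configured to receive a public IP address."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        path = FLAGGED_TYPES.get(resource.get("Type"))
        if path is None:
            continue  # not an EC2 instance or launch template
        node = resource.get("Properties", {})
        for key in path:
            node = node.get(key, {}) if isinstance(node, dict) else {}
        interfaces = node if isinstance(node, list) else []
        for index, iface in enumerate(interfaces):
            if isinstance(iface, dict) and _is_enabled(
                iface.get("AssociatePublicIpAddress", False)
            ):
                findings.append((logical_id, resource["Type"], index))
    return findings


# Constructed sample template: two exposed resources, one private instance,
# one unrelated resource type that must be ignored.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "ExposedInstance": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "ImageId": "ami-04d5cc9b88example",
        "InstanceType": "t2.micro",
        "NetworkInterfaces": [
          {"DeviceIndex": "0", "AssociatePublicIpAddress": true}
        ]
      }
    },
    "ExposedTemplate": {
      "Type": "AWS::EC2::LaunchTemplate",
      "Properties": {
        "LaunchTemplateData": {
          "NetworkInterfaces": [
            {"DeviceIndex": 0, "AssociatePublicIpAddress": "true"}
          ]
        }
      }
    },
    "PrivateInstance": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "ImageId": "ami-04d5cc9b88example",
        "InstanceType": "t2.micro",
        "NetworkInterfaces": [
          {"DeviceIndex": "0", "AssociatePublicIpAddress": false}
        ]
      }
    },
    "LogsBucket": {"Type": "AWS::S3::Bucket"}
  }
}
""")


if __name__ == "__main__":
    for logical_id, rtype, index in find_public_ip_assignments(SAMPLE_TEMPLATE):
        print(f"{logical_id} ({rtype}): NetworkInterfaces[{index}] "
              "assigns a public IP address")
```

Running the block reports ExposedInstance and ExposedTemplate and stays silent on PrivateInstance; an interface that omits AssociatePublicIpAddress entirely is also not flagged, since the subnet's own default then decides and is out of scope for this template check.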
Vulnerable code example
Resources:
  MyEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-04d5cc9b88example
      InstanceType: t2.micro
      NetworkInterfaces:
        - DeviceIndex: '0'
          AssociatePublicIpAddress: true # Vulnerable: the instance automatically receives a public IP address
✅ Secure code example
Resources:
  MyEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-04d5cc9b88example
      InstanceType: t2.micro
      NetworkInterfaces:
        - DeviceIndex: '0' # Primary network interface
          AssociatePublicIpAddress: false # No public IP address is assigned; reach the instance through private networking