HIGH
Source
Trivy
ID
AVD-AWS-0164

Instances in a subnet should not receive a public IP address by default.

You should limit the provision of public IP addresses for resources. Resources should not be exposed on the public internet, but should have access limited to the consumers required for the function of your application. When a subnet has map-public-IP-on-launch enabled, every EC2 instance launched into it receives a public IPv4 address unless the launch request explicitly opts out, so one subnet-level setting can expose an entire fleet. Disable it on the subnet and attach public addresses deliberately, per instance or through a load balancer or NAT gateway, only where they are needed.

Impact

Follow the appropriate remediation steps below to resolve the issue.

Set the subnet so that instances launched into it do not receive a public IP address

Resources:
  GoodExample:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: vpc-123456
      # Defaults to false when omitted; set it explicitly so the intent survives review
      MapPublicIpOnLaunch: false

Set the subnet so that instances launched into it do not receive a public IP address

resource "aws_subnet" "good_example" {
  vpc_id                  = "vpc-123456"
  # Defaults to false when omitted; set it explicitly so the intent survives review
  map_public_ip_on_launch = false
}
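The Terraform and CloudFormation snippets above fix templates that have not yet been deployed. The following is an added example, not code from Trivy or the AVD page, showing the same check in two places a practitioner actually needs it: over a CloudFormation template (JSON form, so no extra dependency) and over the `Subnets` list returned by EC2 DescribeSubnets, which catches subnets that were created by hand or before the rule existed. The template, the subnet IDs and the DescribeSubnets response are constructed sample data; the check treats an omitted `MapPublicIpOnLaunch` as the CloudFormation default of false and does not try to resolve intrinsic functions such as `Ref`.

```python
"""Added example for AVD-AWS-0164 (not from the Trivy/AVD page).

check_template()            -> logical IDs of AWS::EC2::Subnet resources that map public IPs on launch
public_by_default_subnets() -> SubnetIds from a DescribeSubnets 'Subnets' list with the flag set
"""
import json


def _is_true(value) -> bool:
    # CloudFormation accepts a boolean or the strings "true"/"false" for this property.
    # Anything else (omitted -> default false, Ref/Fn:: dicts -> unresolved) is not flagged.
    if isinstance(value, bool):
        return value
    if isinstance(value, str):
        return value.strip().lower() == "true"
    return False


def check_template(template: dict) -> list[str]:
    """Return logical IDs of subnets in a CloudFormation template that assign public IPs by default."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::EC2::Subnet":
            continue
        props = resource.get("Properties") or {}
        if _is_true(props.get("MapPublicIpOnLaunch")):
            findings.append(logical_id)
    return findings


def public_by_default_subnets(subnets: list[dict]) -> list[str]:
    """Return SubnetIds whose MapPublicIpOnLaunch attribute is true (live-account drift check)."""
    return [s["SubnetId"] for s in subnets if s.get("MapPublicIpOnLaunch") is True]


# Constructed sample template: one explicit pass, one implicit pass, one failure, one non-subnet.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "GoodExample":     {"Type": "AWS::EC2::Subnet",
                        "Properties": {"VpcId": "vpc-123456", "MapPublicIpOnLaunch": false}},
    "ImplicitDefault": {"Type": "AWS::EC2::Subnet",
                        "Properties": {"VpcId": "vpc-123456"}},
    "BadExample":      {"Type": "AWS::EC2::Subnet",
                        "Properties": {"VpcId": "vpc-123456", "MapPublicIpOnLaunch": "true"}},
    "NotASubnet":      {"Type": "AWS::EC2::VPC",
                        "Properties": {"CidrBlock": "10.0.0.0/16"}}
  }
}
""")

# Constructed sample shaped like the relevant fields of an EC2 DescribeSubnets response.
SAMPLE_DESCRIBE_SUBNETS = {
    "Subnets": [
        {"SubnetId": "subnet-0aaa", "VpcId": "vpc-123456", "MapPublicIpOnLaunch": False},
        {"SubnetId": "subnet-0bbb", "VpcId": "vpc-123456", "MapPublicIpOnLaunch": True},
    ]
}

if __name__ == "__main__":
    print("template findings:", check_template(SAMPLE_TEMPLATE))
    print("account findings :", public_by_default_subnets(SAMPLE_DESCRIBE_SUBNETS["Subnets"]))
    # Against a real account (needs boto3 and credentials):
    #   import boto3
    #   pages = boto3.client("ec2").get_paginator("describe_subnets").paginate()
    #   for page in pages:
    #       print(public_by_default_subnets(page["Subnets"]))
```

A subnet flagged by the live check can be fixed in place with `aws ec2 modify-subnet-attribute --subnet-id <id> --no-map-public-ip-on-launch`; instances already launched into it keep the public address they were given, so those need to be reviewed separately.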