Auto Scaling group launch configuration should not assign public IP addresses

Description

This control examines whether the launch configuration of an Auto Scaling group assigns a public IP address to its instances. The control fails if the launch configuration enables public IP addresses to be assigned.

Instances within an Auto Scaling group should not be assigned a public IP address, except in specific, limited scenarios. EC2 instances should typically be accessed through a load balancer rather than being directly exposed to the internet.

Remediation

For guidance on updating Auto Scaling launch configurations, refer to the Change the launch configuration for an Auto Scaling group section of the Amazon EC2 Auto Scaling User Guide.