EC2 subnets should not automatically assign public IP addresses

Description

This check verifies if the configuration of public IP assignment in Amazon Virtual Private Cloud (VPC) subnets has the value of MapPublicIpOnLaunch set to FALSE. The validation is successful only when this attribute is configured as FALSE.

Each subnet includes an attribute that defines whether a network interface created in the subnet is assigned a public IPv4 address automatically. Subnets with this attribute enabled assign a public IP address to the primary network interface of instances launched within them.

Remediation

For instructions on configuring a subnet to disable the automatic assignment of public IP addresses, refer to the Modify the public IPv4 addressing attribute for your subnet section in the Amazon VPC User Guide. Uncheck the box labeled Enable auto-assign public IPv4 address.