prowler-cloud / prowler

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
https://prowler.com
Apache License 2.0

feat(ec2): Ensure EC2 launch templates do not assign public IPs #4852

Open MarioRgzLpz opened 2 weeks ago

MarioRgzLpz commented 2 weeks ago

Context

This check verifies whether Amazon EC2 launch templates are configured to assign public IP addresses to network interfaces upon launch. The check fails if an EC2 launch template is set to assign a public IP address to network interfaces or if any network interface has a public IP address.

Description

Added ec2_launch_template_no_public_ip check with metadata and respective unit tests.

Checklist

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

sergargar commented 2 weeks ago

Can we also check the second part of the check? "The control fails if an EC2 launch template is configured to assign a public IP address to network interfaces or if there is at least one network interface that has a public IP address."
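The two failure conditions in the PR description (a launch template network interface spec that sets AssociatePublicIpAddress, or one that attaches an existing ENI which already carries a public IP) as a small worked evaluator. This is an added illustration, not the PR's or Prowler's own check code. The input dicts mimic the shape of boto3's ec2.describe_launch_template_versions() and ec2.describe_network_interfaces() responses but are constructed inline so the example runs offline; the function names, template names and ENI IDs are hypothetical.

```python
"""Worked example of the two public-IP failure conditions for EC2 launch templates.

Added example, not Prowler's check implementation. Input data is constructed
to match the boto3 response shapes; no AWS calls are made.
"""
from typing import Dict, List, Optional, Tuple


def interface_assigns_public_ip(nic_spec: Dict, enis_by_id: Dict[str, Dict]) -> Optional[str]:
    """Return a reason string if this network-interface spec leads to a public IP, else None.

    Condition 1: the spec itself requests a public IP at launch
                 (AssociatePublicIpAddress == True).
    Condition 2: the spec attaches an existing ENI (NetworkInterfaceId) whose
                 Association already holds a PublicIp.
    """
    if nic_spec.get("AssociatePublicIpAddress") is True:
        return "AssociatePublicIpAddress is true"
    eni_id = nic_spec.get("NetworkInterfaceId")
    if eni_id:
        eni = enis_by_id.get(eni_id, {})  # hypothetical lookup built from describe_network_interfaces
        public_ip = eni.get("Association", {}).get("PublicIp")
        if public_ip:
            return f"attached ENI {eni_id} has public IP {public_ip}"
    return None


def evaluate_launch_template(versions: List[Dict], enis_by_id: Dict[str, Dict]) -> Tuple[str, str]:
    """Evaluate every version of one launch template.

    A single offending interface in any version fails the whole template,
    matching the 'at least one network interface' wording of the control.
    """
    for version in versions:
        data = version.get("LaunchTemplateData", {})
        for nic in data.get("NetworkInterfaces", []):
            reason = interface_assigns_public_ip(nic, enis_by_id)
            if reason:
                return "FAIL", f"version {version.get('VersionNumber')}: {reason}"
    return "PASS", "no network interface assigns or carries a public IP"


# Constructed sample data (hypothetical IDs; 203.0.113.0/24 is a documentation range).
SAMPLE_ENIS: Dict[str, Dict] = {
    "eni-0aaa": {"NetworkInterfaceId": "eni-0aaa", "Association": {"PublicIp": "203.0.113.10"}},
    "eni-0bbb": {"NetworkInterfaceId": "eni-0bbb"},  # private ENI, no Association
}

SAMPLE_TEMPLATES: Dict[str, List[Dict]] = {
    # Condition 1: explicit public IP request in the template itself.
    "lt-explicit-public": [
        {"VersionNumber": 1, "LaunchTemplateData": {
            "NetworkInterfaces": [{"DeviceIndex": 0, "AssociatePublicIpAddress": True}]}},
    ],
    # Condition 2: no AssociatePublicIpAddress flag, but it attaches an ENI with a public IP.
    "lt-attached-eni": [
        {"VersionNumber": 1, "LaunchTemplateData": {
            "NetworkInterfaces": [{"DeviceIndex": 0, "NetworkInterfaceId": "eni-0aaa"}]}},
    ],
    # Compliant: flag explicitly false in v1, private ENI in v2.
    "lt-private": [
        {"VersionNumber": 1, "LaunchTemplateData": {
            "NetworkInterfaces": [{"DeviceIndex": 0, "AssociatePublicIpAddress": False}]}},
        {"VersionNumber": 2, "LaunchTemplateData": {
            "NetworkInterfaces": [{"DeviceIndex": 0, "NetworkInterfaceId": "eni-0bbb"}]}},
    ],
}


def run_examples() -> Dict[str, Tuple[str, str]]:
    """Evaluate every sample template and return {template_name: (status, reason)}."""
    return {name: evaluate_launch_template(versions, SAMPLE_ENIS)
            for name, versions in SAMPLE_TEMPLATES.items()}


if __name__ == "__main__":
    for name, (status, reason) in run_examples().items():
        print(f"{name}: {status} ({reason})")
```

A caveat worth keeping in mind when implementing the real check: a launch template version with no NetworkInterfaces block at all says nothing about public IPs, because the subnet's auto-assign setting decides at launch time, so such a version neither passes nor fails on its own under the logic above.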