Ensure that a managed Config rule for AWS Elastic IPs (EIPs) attached to EC2 instances launched inside a VPC is created. Config service tracks changes within your AWS resources configuration and saves the recorded data for security and compliance audits. A managed Config rule is a predefined and customizable rule, provided by AWS, that Config utilizes to evaluate whether the specified resources comply with common security best practices.
If you associate an Elastic IP (EIP) address with an EC2 instance, the public IP address attached to the instance is released. AWS Config can evaluate your EC2 instances configuration to ensure there are no publicly addressable IPs currently attached as this would breach the defense in depth model and affect various layers of security.
To determine if there is a managed Config rule that checks whether all EIP addresses allocated to a VPC are attached to EC2 instances or in-use ENIs, available in your AWS account, perform the following actions:
To create a managed AWS Config rule that regularly checks if all EIP addresses allocated to your VPC are attached to EC2 instances or in-use ENIs, perform the following actions: