Ensure that your data-tier instances are not associated with Elastic or Public IP addresses. These database instances do not need to be publicly reachable and must be protected from exposure. This conformity rule assumes that all AWS resources (including instances) created within your data tier are tagged with <data_tier_tag>:<data_tier_tag_value>, where <data_tier_tag> is the tag name and <data_tier_tag_value> is the tag value. Before the Cloud Conformity engine runs this rule, the data-tier tags must be configured in the rule settings on your Cloud Conformity account dashboard.
Without an Elastic or Public IP address associated with your data-tier instance, no inbound traffic can reach the instance from the Internet.
Note: Make sure that you replace all <data_tier_tag>:<data_tier_tag_value> tag placeholders found in the conformity rule content with your own tag name and value created for the data tier.
To determine if your database instances are associated with Public or Elastic IP Addresses, perform the following actions:
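One way to run this check offline against saved `aws ec2 describe-instances` JSON output is sketched below. It is an added example, not Cloud Conformity's own audit procedure. The tag `Tier`:`data`, the instance IDs, the account ID and the IP addresses are constructed sample values, and the use of `IpOwnerId` to tell an auto-assigned Public IP from an Elastic IP is an assumption noted in the code.

```python
def has_tag(instance, key, value):
    """True if the instance carries the data-tier tag."""
    return any(t.get("Key") == key and t.get("Value") == value
               for t in instance.get("Tags", []))

def public_addresses(instance):
    """Map each public IP on the instance's network interfaces to its kind."""
    found = {}
    for eni in instance.get("NetworkInterfaces", []):
        # The primary and every secondary private IP can carry an association.
        assocs = [eni.get("Association")]
        assocs += [p.get("Association") for p in eni.get("PrivateIpAddresses", [])]
        for assoc in assocs:
            if assoc and assoc.get("PublicIp"):
                # Assumption: IpOwnerId is "amazon" for an auto-assigned public
                # IP and the owning account ID for an Elastic IP.
                kind = "public" if assoc.get("IpOwnerId") == "amazon" else "elastic"
                found[assoc["PublicIp"]] = kind
    return found

def audit(response, tag_key, tag_value):
    """Return {instance_id: {ip: kind}} for exposed data-tier instances."""
    findings = {}
    for reservation in response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") == "terminated":
                continue  # terminated instances no longer hold an address
            addrs = public_addresses(inst) if has_tag(inst, tag_key, tag_value) else {}
            if addrs:
                findings[inst["InstanceId"]] = addrs
    return findings

def _inst(iid, tier, assoc=None):
    """Build one constructed instance record (sample data, not real output)."""
    eni = {"PrivateIpAddresses": [{"PrivateIpAddress": "10.0.1.10"}]}
    if assoc:
        eni["Association"] = assoc
        eni["PrivateIpAddresses"][0]["Association"] = assoc
    return {"InstanceId": iid, "State": {"Name": "running"},
            "Tags": [{"Key": "Tier", "Value": tier}], "NetworkInterfaces": [eni]}

SAMPLE = {"Reservations": [{"Instances": [
    _inst("i-0000000000000000a", "data", {"PublicIp": "203.0.113.10", "IpOwnerId": "amazon"}),
    _inst("i-0000000000000000b", "data", {"PublicIp": "198.51.100.7", "IpOwnerId": "111122223333"}),
    _inst("i-0000000000000000c", "data"),
    _inst("i-0000000000000000d", "web", {"PublicIp": "203.0.113.20", "IpOwnerId": "amazon"}),
]}]}

if __name__ == "__main__":
    for iid, addrs in audit(SAMPLE, "Tier", "data").items():
        print(iid, addrs)
```

An instance reported with kind `public` corresponds to Case A below, and one reported with kind `elastic` corresponds to Case B.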
Remediation / Resolution
Case A: To remove a Public IP address from a data-tier instance, you must re-launch the instance with the right network configuration. To re-launch your data-tier instance, perform the following:
Case B: To remove an Elastic IP (EIP) address from a data-tier instance, you need to disassociate the EIP from the instance. To disassociate the Elastic IP, perform the following:
You are auditing:
Data-Tier Instances Without Elastic or Public IP Addresses
Risk level: Medium