45 lines
921 B
Plaintext
45 lines
921 B
Plaintext
|
include::../description.adoc[]
|
||
|
|
|
||
|
|
include::../ask-yourself.adoc[]
|
||
|
|
|
||
|
|
include::../recommended.adoc[]
|
||
|
|
|
||
|
|
== Noncompliant Code Example
|
||
|
|
|
||
|
|
DMS and EC2 instances have a public IP address assigned to them:
|
||
|
|
|
||
|
|
----
|
||
|
|
DMSInstance:
|
||
|
|
Type: AWS::DMS::ReplicationInstance
|
||
|
|
Properties:
|
||
|
|
PubliclyAccessible: true # sensitive, by default it's also set to true
|
||
|
|
|
||
|
|
|
||
|
|
EC2Instance:
|
||
|
|
Type: AWS::EC2::Instance
|
||
|
|
Properties:
|
||
|
|
NetworkInterfaces:
|
||
|
|
- AssociatePublicIpAddress: true # sensitive, by default it's also set to true
|
||
|
|
DeviceIndex: "0"
|
||
|
|
----
|
||
|
|
|
||
|
|
== Compliant Solution
|
||
|
|
|
||
|
|
DMS and EC2 instances doesn't have a public IP address:
|
||
|
|
|
||
|
|
----
|
||
|
|
DMSInstance:
|
||
|
|
Type: AWS::DMS::ReplicationInstance
|
||
|
|
Properties:
|
||
|
|
PubliclyAccessible: false
|
||
|
|
|
||
|
|
|
||
|
|
EC2Instance:
|
||
|
|
Type: AWS::EC2::Instance
|
||
|
|
Properties:
|
||
|
|
NetworkInterfaces:
|
||
|
|
- AssociatePublicIpAddress: false
|
||
|
|
DeviceIndex: "0"
|
||
|
|
----
|
||
|
|
|
||
|
|
include::../see.adoc[]
|