include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

DMS and EC2 instances have a public IP address assigned to them:

[source,yaml]
----
DMSInstance:
  Type: AWS::DMS::ReplicationInstance
  Properties:
    PubliclyAccessible: true # sensitive, by default it's also set to true

EC2Instance:
  Type: AWS::EC2::Instance
  Properties:
    NetworkInterfaces:
      - AssociatePublicIpAddress: true # sensitive, by default it's also set to true
        DeviceIndex: "0"
----

== Compliant Solution

DMS and EC2 instances don't have a public IP address:

[source,yaml]
----
DMSInstance:
  Type: AWS::DMS::ReplicationInstance
  Properties:
    PubliclyAccessible: false

EC2Instance:
  Type: AWS::EC2::Instance
  Properties:
    NetworkInterfaces:
      - AssociatePublicIpAddress: false
        DeviceIndex: "0"
----
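
One way to check a template for the two settings shown above, as an added example that is not the rule's own implementation. The function names, message constants and sample template are hypothetical, and the template is assumed to be already parsed into a dict with a top-level `Resources` key.

```python
# Added example: flags public DMS and EC2 settings in a parsed CloudFormation template.
OMITTED = ('Omitting "{parameter}" allows network access from the Internet. '
           "Make sure it is safe here.")
EXPLICIT = "Make sure allowing public network access is safe here."


def _is_true(value):
    # CloudFormation accepts real booleans as well as "true"/"false" strings.
    return value is True or (isinstance(value, str) and value.strip().lower() == "true")


def _check(props, parameter):
    """Return a message for one property holder, or None when nothing is flagged."""
    if parameter not in props:
        return OMITTED.format(parameter=parameter)
    if _is_true(props[parameter]):
        return EXPLICIT
    return None  # explicit false, or an intrinsic (Ref, Fn::If) that is not resolved here


def find_public_resources(template):
    """Return a list of (logical_id, message) for DMS and EC2 resources."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties") or {}
        holders, parameter = [], None
        if res.get("Type") == "AWS::DMS::ReplicationInstance":
            holders, parameter = [props], "PubliclyAccessible"
        elif res.get("Type") == "AWS::EC2::Instance":
            # Assumption: instances with no NetworkInterfaces list are not evaluated.
            nics = props.get("NetworkInterfaces") or []
            holders = [n for n in nics if isinstance(n, dict)]
            parameter = "AssociatePublicIpAddress"
        for holder in holders:
            message = _check(holder, parameter)
            if message:
                findings.append((name, message))
    return findings


# Constructed sample template; logical IDs are made up for this example.
SAMPLE = {"Resources": {
    "DmsExplicit": {"Type": "AWS::DMS::ReplicationInstance",
                    "Properties": {"PubliclyAccessible": True}},
    "DmsOmitted": {"Type": "AWS::DMS::ReplicationInstance", "Properties": {}},
    "DmsPrivate": {"Type": "AWS::DMS::ReplicationInstance",
                   "Properties": {"PubliclyAccessible": "false"}},
    "Ec2Public": {"Type": "AWS::EC2::Instance", "Properties": {"NetworkInterfaces": [
        {"AssociatePublicIpAddress": True, "DeviceIndex": "0"}]}},
    "Ec2Private": {"Type": "AWS::EC2::Instance", "Properties": {"NetworkInterfaces": [
        {"AssociatePublicIpAddress": False, "DeviceIndex": "0"}]}},
}}
```

Calling `find_public_resources(SAMPLE)` reports `DmsExplicit`, `DmsOmitted` and `Ec2Public`; the two resources with the setting explicitly false are not reported.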

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message

* Omitting "{parameter}" allows network access from the Internet. Make sure it is safe here.
* Make sure allowing public network access is safe here.

endif::env-github,rspecator-view[]