include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

DMS and EC2 instances have a public IP address assigned to them:

[source,yaml]
----
DMSInstance:
    Type: AWS::DMS::ReplicationInstance 
    Properties:
      PubliclyAccessible: true # sensitive, by default it's also set to true


EC2Instance:
    Type: AWS::EC2::Instance 
    Properties:
      NetworkInterfaces: 
        - AssociatePublicIpAddress: true # sensitive, by default it's also set to true
          DeviceIndex: "0"
----

== Compliant Solution

DMS and EC2 instances doesn't have a public IP address:

[source,yaml]
----
DMSInstance:
    Type: AWS::DMS::ReplicationInstance
    Properties:
      PubliclyAccessible: false


EC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      NetworkInterfaces: 
        - AssociatePublicIpAddress: false
          DeviceIndex: "0"
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message

* Omitting "{parameter}" allows network access from the Internet. Make sure it is safe here.
* Make sure allowing public network access is safe here.


endif::env-github,rspecator-view[]