include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Noncompliant Code Example

DMS and EC2 instances have a public IP address assigned to them:

----
resource "aws_instance" "noncompliantec2" {
  associate_public_ip_address = true # Sensitive, by default it's also set to true
}

resource "aws_dms_replication_instance" "noncompliantdms" {
  publicly_accessible          = true # Sensitive, by default it's also set to true
}
----

== Compliant Solution

DMS and EC2 instances doesn't have a public IP address:

----
resource "aws_instance" "compliantec2" {
  associate_public_ip_address = false
}

resource "aws_dms_replication_instance" "compliantdms" {
  publicly_accessible          = false
}
----

include::../see.adoc[]