
Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in.
61 lines
1.2 KiB
Plaintext
include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

DMS and EC2 instances have a public IP address assigned to them:

[source,yaml]
----
DMSInstance:
  Type: AWS::DMS::ReplicationInstance
  Properties:
    PubliclyAccessible: true # sensitive, by default it's also set to true

EC2Instance:
  Type: AWS::EC2::Instance
  Properties:
    NetworkInterfaces:
      - AssociatePublicIpAddress: true # sensitive, by default it's also set to true
        DeviceIndex: "0"
----

== Compliant Solution

DMS and EC2 instances don't have a public IP address:

[source,yaml]
----
DMSInstance:
  Type: AWS::DMS::ReplicationInstance
  Properties:
    PubliclyAccessible: false

EC2Instance:
  Type: AWS::EC2::Instance
  Properties:
    NetworkInterfaces:
      - AssociatePublicIpAddress: false
        DeviceIndex: "0"
----
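
The rule above written as a small static check over a template, added here as an illustration; it is not the analyzer's own code. The function names and the sample template are assumptions made for the example, the message strings are the ones listed under Implementation Specification, and an omitted property is reported because this page states that both properties default to true.

```python
import json

PUBLIC_MSG = "Make sure allowing public network access is safe here."
OMITTED_MSG = 'Omitting "{}" allows network access from the Internet. Make sure it is safe here.'

def _check(logical_id, props, key):
    # The page states both properties default to true, so a missing key is reported too.
    if key not in props:
        return [(logical_id, OMITTED_MSG.format(key))]
    value = props[key]
    # CloudFormation accepts booleans as true or "true"; intrinsic functions
    # such as {"Ref": ...} cannot be resolved statically and are not reported.
    if value is True or (isinstance(value, str) and value.lower() == "true"):
        return [(logical_id, PUBLIC_MSG)]
    return []

def find_public_ip_issues(template):
    """Return (logical_id, message) pairs for the two resource types on this page."""
    issues = []
    for logical_id, res in template.get("Resources", {}).items():
        props = res.get("Properties") or {}
        if res.get("Type") == "AWS::DMS::ReplicationInstance":
            issues += _check(logical_id, props, "PubliclyAccessible")
        elif res.get("Type") == "AWS::EC2::Instance":
            # Only declared interfaces are inspected; an instance without
            # NetworkInterfaces is outside what this sketch covers.
            for nic in props.get("NetworkInterfaces") or []:
                issues += _check(logical_id, nic, "AssociatePublicIpAddress")
    return issues

# Constructed sample template (JSON form of CloudFormation), not from a real stack.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "DmsExplicit": {"Type": "AWS::DMS::ReplicationInstance",
                  "Properties": {"PubliclyAccessible": true}},
  "DmsOmitted":  {"Type": "AWS::DMS::ReplicationInstance",
                  "Properties": {"ReplicationInstanceClass": "dms.t3.micro"}},
  "Ec2Public":   {"Type": "AWS::EC2::Instance", "Properties": {"NetworkInterfaces": [
                      {"AssociatePublicIpAddress": "true", "DeviceIndex": "0"}]}},
  "Ec2Private":  {"Type": "AWS::EC2::Instance", "Properties": {"NetworkInterfaces": [
                      {"AssociatePublicIpAddress": false, "DeviceIndex": "0"}]}}
}}
""")

if __name__ == "__main__":
    for logical_id, message in find_public_ip_issues(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {message}")
```
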

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message

* Omitting "{parameter}" allows network access from the Internet. Make sure it is safe here.
* Make sure allowing public network access is safe here.


endif::env-github,rspecator-view[]