Check if Amazon EC2 instances launched using Auto Scaling group launch configurations have Public IP addresses.
autoscaling_group_launch_configuration_no_public_ip
This control checks whether an Auto Scaling group's associated launch configuration assigns a public IP address to the group's instances. The control fails if the associated launch configuration assigns a public IP address.
Risk
Assigning a public IP address to EC2 instances can expose them directly to the internet, increasing the risk of unauthorized access and potential security breaches.
prowler aws --checks autoscaling_group_launch_configuration_no_public_ip
arn:aws:autoscaling:region:account-id:launchConfiguration/launchConfigurationName
Recommendation
Create a new launch configuration without a public IP address and update your Auto Scaling groups to use the new configuration.
Remediation
aws autoscaling create-launch-configuration --launch-configuration-name <new-launch-config> --associate-public-ip-address false
Source Code
Resource Type
AwsAutoScalingLaunchConfiguration