Check if Amazon EC2 instances launched using Auto Scaling group launch configurations have public IP addresses.
autoscaling_group_launch_configuration_no_public_ip
This control checks whether an Auto Scaling group's associated launch configuration assigns a public IP address to the group's instances. The control fails if the associated launch configuration assigns a public IP address.
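The pass/fail rule described above, as an added example (not Prowler's own source code) run over constructed data shaped like the DescribeAutoScalingGroups and DescribeLaunchConfigurations responses. The resource names, the UNKNOWN status and the decision to skip groups that use a launch template are assumptions made for this illustration.

```python
# Constructed sample data, shaped like the responses of
# DescribeLaunchConfigurations and DescribeAutoScalingGroups (names are made up).
LAUNCH_CONFIGURATIONS = [
    {"LaunchConfigurationName": "web-lc-public", "AssociatePublicIpAddress": True},
    {"LaunchConfigurationName": "web-lc-private", "AssociatePublicIpAddress": False},
    # Field omitted: the launch configuration itself requests nothing and the
    # subnet's own setting applies, so this control has nothing to flag.
    {"LaunchConfigurationName": "batch-lc-unset"},
]
AUTO_SCALING_GROUPS = [
    {"AutoScalingGroupName": "web-asg", "LaunchConfigurationName": "web-lc-public"},
    {"AutoScalingGroupName": "api-asg", "LaunchConfigurationName": "web-lc-private"},
    {"AutoScalingGroupName": "batch-asg", "LaunchConfigurationName": "batch-lc-unset"},
    {"AutoScalingGroupName": "tmpl-asg", "LaunchTemplate": {"LaunchTemplateName": "lt-1"}},
    {"AutoScalingGroupName": "orphan-asg", "LaunchConfigurationName": "missing-lc"},
]


def evaluate(groups, launch_configurations):
    """Return one finding per Auto Scaling group that uses a launch configuration."""
    by_name = {lc["LaunchConfigurationName"]: lc for lc in launch_configurations}
    findings = []
    for group in groups:
        lc_name = group.get("LaunchConfigurationName")
        if not lc_name:
            continue  # group uses a launch template: outside this control (assumption)
        lc = by_name.get(lc_name)
        if lc is None:
            # Incomplete input, e.g. a truncated or paginated listing.
            status, detail = "UNKNOWN", f"launch configuration {lc_name} not in input"
        elif lc.get("AssociatePublicIpAddress") is True:
            status, detail = "FAIL", f"{lc_name} assigns a public IP address"
        else:
            status, detail = "PASS", f"{lc_name} does not assign a public IP address"
        findings.append(
            {"group": group["AutoScalingGroupName"], "status": status, "detail": detail}
        )
    return findings


if __name__ == "__main__":
    for finding in evaluate(AUTO_SCALING_GROUPS, LAUNCH_CONFIGURATIONS):
        print(finding["status"], finding["group"], "-", finding["detail"])
```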
Risk
Assigning a public IP address to EC2 instances can expose them directly to the internet, increasing the risk of unauthorized access and potential security breaches.
Run this check with Prowler CLI
prowler aws --checks autoscaling_group_launch_configuration_no_public_ip
ARN template
arn:aws:autoscaling:region:account-id:launchConfiguration/launchConfigurationName
Remediation
aws autoscaling create-launch-configuration --launch-configuration-name <new-launch-config> --image-id <ami-id> --instance-type <instance-type> --no-associate-public-ip-address
https://docs.aws.amazon.com/securityhub/latest/userguide/autoscaling-controls.html#autoscaling-5
Create a new launch configuration without a public IP address and update your Auto Scaling groups to use the new configuration.
Resource Type
AwsAutoScalingLaunchConfiguration