EC2 Instance Is Internet Facing With Instance Profile
Overview
Checks if an EC2 instance is internet-facing and has an instance profile, a configuration that might lead to unauthorized access or exposure of sensitive information.
If an EC2 instance is publicly accessible and has an associated IAM role, it may allow malicious actors to exploit permissions granted to the instance, leading to data breaches or other compromises. Ensuring that instances are not internet-facing with instance profiles reduces the surface area for potential attacks.
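The check described above, sketched as an added example (not the rule's own implementation). It runs over a constructed response shaped like EC2 DescribeInstances output. "Internet-facing" is assumed here to mean "has a public IPv4 address on the instance or any attached network interface", since the page does not define the term; security group rules and routing are not evaluated, and the function names are hypothetical.

```python
# Constructed sample shaped like an EC2 DescribeInstances response (not real data).
PROFILE = {"Arn": "arn:aws:iam::111122223333:instance-profile/example-role"}
SAMPLE_RESPONSE = {"Reservations": [{"Instances": [
    # Public IPv4 and an instance profile: finding.
    {"InstanceId": "i-0000000000000001a", "State": {"Name": "running"},
     "PublicIpAddress": "203.0.113.10", "IamInstanceProfile": PROFILE},
    # Instance profile but private addressing only: no finding.
    {"InstanceId": "i-0000000000000002a", "State": {"Name": "running"},
     "IamInstanceProfile": PROFILE,
     "NetworkInterfaces": [{"PrivateIpAddress": "10.0.1.5"}]},
    # Public address but no instance profile: no finding.
    {"InstanceId": "i-0000000000000003a", "State": {"Name": "running"},
     "NetworkInterfaces": [{"Association": {"PublicIp": "198.51.100.7"}}]},
    # Public address only on a secondary interface, plus a profile: finding.
    {"InstanceId": "i-0000000000000004a", "State": {"Name": "running"},
     "IamInstanceProfile": PROFILE,
     "NetworkInterfaces": [{"PrivateIpAddress": "10.0.2.9"},
                           {"Association": {"PublicIp": "198.51.100.8"}}]},
    # Terminated instances are skipped (assumption: they are no longer reachable).
    {"InstanceId": "i-0000000000000005a", "State": {"Name": "terminated"},
     "PublicIpAddress": "203.0.113.11", "IamInstanceProfile": PROFILE},
]}]}

def public_ips(instance):
    """Public IPv4 addresses on the instance or any attached network interface."""
    ips = {instance.get("PublicIpAddress")}
    for eni in instance.get("NetworkInterfaces", []):
        ips.add((eni.get("Association") or {}).get("PublicIp"))
    return sorted(ip for ip in ips if ip)

def internet_facing_with_profile(response):
    """One finding per non-terminated instance with a public IP and a profile."""
    findings = []
    for reservation in response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") == "terminated":
                continue
            arn = (inst.get("IamInstanceProfile") or {}).get("Arn")
            ips = public_ips(inst)
            if arn and ips:
                findings.append({"InstanceId": inst["InstanceId"],
                                 "PublicIps": ips, "InstanceProfileArn": arn})
    return findings

if __name__ == "__main__":
    for finding in internet_facing_with_profile(SAMPLE_RESPONSE):
        print(finding)
```

A finding from this sketch is a starting point for review: whether the address is actually reachable still depends on the security groups and network path in front of the instance.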
Vendor
AWS
Cloud Service
EC2
References
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
Severity
2
Item Types
AWS::EC2::Instance