Severity: High | Service: ECS | Scope: Regional

ECS task sets should not automatically assign public IP addresses

PCI DSS v4.0.1, PCI DSS v1.4.4

Description

This control checks whether an Amazon ECS task set is configured to automatically assign public IP addresses. The control fails if AssignPublicIP is set to ENABLED. A public IP address is reachable from the internet, so a task set configured with one exposes the resources associated with it (the containers' network interfaces) to inbound connections from the internet, subject only to the security group rules attached to them. ECS task sets shouldn't be publicly accessible, as this may allow unintended access to your container application servers; place tasks in private subnets and front them with a load balancer where inbound traffic is required.

Remediation

To ensure ECS task sets don't automatically assign public IP addresses, configure the network settings to disable public IP assignment.

Steps

  1. Navigate to the Amazon ECS console
  2. Select your service and task set
  3. Choose 'Update service' or 'Edit task set'
  4. In the 'Networking' section, ensure 'Public IP' is set to 'Disabled'
  5. Save the configuration to apply the changes
  6. Verify that the task set is not using public IP addresses
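The check described above and the verification in step 6, as an added example (not part of the original control or of any scanner's code): a Python evaluator over the task set structure returned by the ECS DescribeTaskSets API, marking a task set FAIL when awsvpcConfiguration.assignPublicIp is ENABLED and PASS otherwise, including the case where no awsvpcConfiguration exists at all. The sample task sets, ARNs, subnet IDs, account ID and region are constructed.

```python
"""Evaluate ECS task sets for automatic public IP assignment (added example).

Input is the 'taskSets' list as returned by the ECS DescribeTaskSets API.
The live fetch helper needs AWS credentials; the sample data below is
constructed so the evaluation itself runs offline.
"""
from typing import Iterable, Optional


def assign_public_ip(task_set: dict) -> Optional[str]:
    """Return assignPublicIp ('ENABLED'/'DISABLED'), or None when the task set
    has no awsvpcConfiguration (bridge/host network mode), which cannot
    assign a public IP to the task's own interface."""
    return (task_set.get("networkConfiguration", {})
            .get("awsvpcConfiguration", {})
            .get("assignPublicIp"))


def evaluate_task_set(task_set: dict) -> dict:
    """Apply the control: FAIL only when assignPublicIp is explicitly ENABLED."""
    value = assign_public_ip(task_set)
    status = "FAIL" if value == "ENABLED" else "PASS"
    return {"taskSetArn": task_set.get("taskSetArn"),
            "assignPublicIp": value, "status": status}


def evaluate_task_sets(task_sets: Iterable[dict]) -> list:
    return [evaluate_task_set(ts) for ts in task_sets]


def failing_task_sets(task_sets: Iterable[dict]) -> list:
    """ARNs of task sets that would be reported as failing the control."""
    return [r["taskSetArn"] for r in evaluate_task_sets(task_sets) if r["status"] == "FAIL"]


def fetch_task_sets(cluster: str, service: str, region: str) -> list:
    """Live fetch via boto3 for a real audit (not exercised offline)."""
    import boto3  # imported lazily so the offline sample needs no AWS SDK
    ecs = boto3.client("ecs", region_name=region)
    return ecs.describe_task_sets(cluster=cluster, service=service)["taskSets"]


# Constructed sample mirroring DescribeTaskSets output; ARNs and IDs are fake.
_ARN = "arn:aws:ecs:us-east-1:111122223333:task-set/demo-cluster/demo-svc/ecs-svc/"
SAMPLE_TASK_SETS = [
    {"taskSetArn": _ARN + "1", "networkConfiguration": {"awsvpcConfiguration": {
        "subnets": ["subnet-0aaa"], "assignPublicIp": "ENABLED"}}},   # FAIL
    {"taskSetArn": _ARN + "2", "networkConfiguration": {"awsvpcConfiguration": {
        "subnets": ["subnet-0bbb"], "assignPublicIp": "DISABLED"}}},  # PASS
    {"taskSetArn": _ARN + "3"},  # no awsvpcConfiguration (bridge/host): PASS
]

if __name__ == "__main__":
    for r in evaluate_task_sets(SAMPLE_TASK_SETS):
        print(f"{r['status']}  {r['taskSetArn']}  assignPublicIp={r['assignPublicIp']}")
```

Replace SAMPLE_TASK_SETS with fetch_task_sets(cluster, service, region) to verify a real service after applying the remediation; an empty failing_task_sets result confirms step 6.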

Compliance

PCI DSS v4.0.1, PCI DSS v1.4.4