Medium
EFS
Regional
EFS mount targets should not be associated with subnets that assign public IP addresses on launch
FSBP
Description
This control checks whether an Amazon EFS mount target is associated with subnets that assign public IP addresses on launch. The control fails if the mount target is associated with subnets that assign public IP addresses on launch.
Remediation
To ensure EFS mount targets are not associated with subnets that assign public IP addresses, you need to modify the subnet configuration or move the mount targets to private subnets.
Steps
- Navigate to the Amazon VPC console
- Select the subnet where your EFS mount target is located
- Choose 'Actions' and then 'Modify auto-assign IP settings'
- Disable 'Auto-assign public IPv4 address' for the subnet
- Alternatively, create a new private subnet and move the mount target
- Verify that the mount target is no longer publicly accessible
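The check and the verification step above can also be scripted. The following is an added example, not part of the original control text: it evaluates the control over data shaped like the EFS `DescribeMountTargets` and EC2 `DescribeSubnets` responses and prints the CLI command that disables auto-assign for each failing subnet. The function names and the sample IDs are assumptions made for illustration, and `collect_live` assumes boto3 and read-only credentials are available.

```python
def evaluate(mount_targets, subnets):
    """One finding per mount target, keyed on its subnet's MapPublicIpOnLaunch."""
    auto_assign = {s["SubnetId"]: s.get("MapPublicIpOnLaunch") for s in subnets}
    findings = []
    for mt in mount_targets:
        flag = auto_assign.get(mt["SubnetId"])
        # A subnet missing from the lookup is reported, never silently passed.
        status = "UNKNOWN" if flag is None else ("FAILED" if flag else "PASSED")
        findings.append({"MountTargetId": mt["MountTargetId"],
                         "SubnetId": mt["SubnetId"], "Status": status})
    return findings

def subnets_to_fix(findings):
    """Distinct subnets where auto-assign public IPv4 must be disabled."""
    return sorted({f["SubnetId"] for f in findings if f["Status"] == "FAILED"})

def collect_live(region):
    """Assumption: boto3 is installed and read-only credentials are configured."""
    import boto3
    efs = boto3.client("efs", region_name=region)
    ec2 = boto3.client("ec2", region_name=region)
    mts = []
    for page in efs.get_paginator("describe_file_systems").paginate():
        for fs in page["FileSystems"]:
            # A file system has at most one mount target per Availability Zone.
            resp = efs.describe_mount_targets(FileSystemId=fs["FileSystemId"])
            mts += resp["MountTargets"]
    ids = sorted({m["SubnetId"] for m in mts})
    subnets = ec2.describe_subnets(SubnetIds=ids)["Subnets"] if ids else []
    return mts, subnets

# Constructed sample data (all IDs are made up) so the check runs offline.
SAMPLE_MOUNT_TARGETS = [
    {"MountTargetId": "fsmt-0a1", "SubnetId": "subnet-0pub"},
    {"MountTargetId": "fsmt-0b2", "SubnetId": "subnet-0priv"},
    {"MountTargetId": "fsmt-0c3", "SubnetId": "subnet-0gone"},
]
SAMPLE_SUBNETS = [
    {"SubnetId": "subnet-0pub", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-0priv", "MapPublicIpOnLaunch": False},
]

if __name__ == "__main__":
    results = evaluate(SAMPLE_MOUNT_TARGETS, SAMPLE_SUBNETS)
    for finding in results:
        print(finding)
    for sid in subnets_to_fix(results):
        print(f"aws ec2 modify-subnet-attribute --subnet-id {sid} "
              "--no-map-public-ip-on-launch")
```

Re-running `evaluate` after the subnet change covers the verification step: every mount target should then report `PASSED`.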
Compliance
FSBP