Control: AWS > PCI v3.2.1 > EC2 > 4 Unused EC2 EIPs should be removed
This control checks whether Elastic IP addresses that are allocated to a VPC are attached to Amazon EC2 instances or in-use elastic network interfaces (ENIs).
A failed finding indicates you may have unused Amazon EC2 EIPs.
This will help you maintain an accurate asset inventory of EIPs in your cardholder data environment (CDE). Unless there is a business need to retain them, you should remove unused resources to maintain an accurate inventory of system components.
Remediation
To remediate this issue, create new security groups and assign those security groups to your resources. To prevent the default security groups from being used, remove their inbound and outbound rules.
- Open the Amazon EC2 console.
- In the navigation pane, under Network & Security, choose Elastic IPs.
- Choose the Elastic IP address, choose Actions, and then choose Release Elastic IP address.
- When prompted, choose Release.
PCI requirement(s): 2.4
Resource Types
This control targets the following resource types:
Category
In Your Workspace
Developers
- tmod:@turbot/aws-pciv3-2-1#/control/types/vpcEipAssociated
- tmod:@turbot/turbot#/control/categories/compliancePci
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-pciv3-2-1#/control/types/vpcEipAssociated"
Get Controls