New Feature
Resolution: Unresolved
Blocker
None
Version 2.462.2.2
Plugin Version 1688.v8c07e01d657f
We have an internal requirement to create an AWS Service Control Policy (SCP) that blocks any instances with public IPs.
The policy is as follows:
{
  "key": "ec2:AssociatePublicIpAddress",
  "values": {
    "items": [
      { "value": "true" }
    ]
  }
}
This policy prevents any creation of EC2s that are missing this field:
The issue with the plugin arises when the "Associate Public IP" checkbox is not selected. In this case, it neither sends the network interface nor the associatePublicIpAddress field, relying entirely on the subnet configuration.
The main requirement for this feature is to add the capability to override subnet configuration by including a checkbox labeled "Forbidden Public IP." This way, even if the associatePublicIpAddress option is unchecked, it can still send the networkInterfaceSet with all the necessary configurations.
This feature will also be useful if the subnet has the Auto-assign public IPv4 address set to true, allowing you to create EC2s without a public IP.
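The request shapes discussed above, as an added sketch that is not the plugin's code: it models EC2 RunInstances network parameters as plain dicts for the unchecked case, the existing "Associate Public IP" case, and the requested "Forbidden Public IP" case. The `forbid_public_ip` option, the policy check (a simplified reading of the description above, not AWS policy evaluation) and the sample IDs are assumptions.

```python
# Added illustration: EC2 RunInstances network parameters as plain dicts.
# "forbid_public_ip" stands for the checkbox requested in this issue; it is
# hypothetical and does not exist in the plugin.

def build_run_instances_params(subnet_id, security_group_ids,
                               associate_public_ip=False, forbid_public_ip=False):
    """Return RunInstances network parameters for the given checkbox states."""
    if associate_public_ip and forbid_public_ip:
        raise ValueError("the two options are mutually exclusive")
    if not (associate_public_ip or forbid_public_ip):
        # Behaviour described in the issue: no network interface and no
        # AssociatePublicIpAddress field, so the subnet setting decides.
        return {"SubnetId": subnet_id, "SecurityGroupIds": list(security_group_ids)}
    # When NetworkInterfaces is present, the subnet and security groups must be
    # given on the interface, not at the top level of the request.
    return {
        "NetworkInterfaces": [{
            "DeviceIndex": 0,
            "SubnetId": subnet_id,
            "Groups": list(security_group_ids),
            "AssociatePublicIpAddress": associate_public_ip,
        }]
    }


def passes_no_public_ip_policy(params):
    """Simplified model of the SCP described in the issue (an assumption):
    allow only requests in which every network interface explicitly sets
    AssociatePublicIpAddress to False."""
    interfaces = params.get("NetworkInterfaces", [])
    return bool(interfaces) and all(
        nic.get("AssociatePublicIpAddress") is False for nic in interfaces
    )


# Constructed sample values.
SUBNET = "subnet-0example"
GROUPS = ["sg-0example"]

if __name__ == "__main__":
    for label, kwargs in [
        ("unchecked (current)", {}),
        ("Associate Public IP", {"associate_public_ip": True}),
        ("Forbidden Public IP (requested)", {"forbid_public_ip": True}),
    ]:
        params = build_run_instances_params(SUBNET, GROUPS, **kwargs)
        print(f"{label}: allowed={passes_no_public_ip_policy(params)}")
```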