More Info:

No backend EC2 instances should be running in public subnets.

Risk Level

High

Address

Security

Compliance Standards

HIPAA, SOC2, HITRUST, AWSWAF, NISTCSF, PCIDSS, FedRAMP

Triage and Remediation

Remediation

Using Console

Additional Reading: