
b.r.bhanushali
As a security specialist, is it a good practice or mandatory requirement to perform vulnerability assessment of EC2 instances in private subnet. Since this EC2 instances are not accessible from internet and hence at low risk, is vulnerability assessment needed for such EC2 machines?