turbot/aws_compliance

Control: 9 EC2 Auto Scaling groups should use EC2 launch templates

Description

This control checks whether an Amazon EC2 Auto Scaling group is created from an EC2 launch template. This control fails if an Amazon EC2 Auto Scaling group is not created with a launch template or if a launch template is not specified in a mixed instances policy.

An EC2 Auto Scaling group can be created from either an EC2 launch template or a launch configuration. However, using a launch template to create an Auto Scaling group ensures that you have access to the latest features and improvements.

Remediation

To create an Auto Scaling group with an EC2 launch template, see Create an Auto Scaling group using a launch template in the Amazon EC2 Auto Scaling User Guide. For information about how to replace a launch configuration with a launch template, see Replace a launch configuration with a launch template in the Amazon EC2 User Guide for Windows Instances.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.foundational_security_autoscaling_9

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.foundational_security_autoscaling_9 --share

SQL

This control uses a named query:

autoscaling_group_uses_ec2_launch_template

Tags