Benchmark: 2 Elastic Cloud Compute (EC2)
Elastic Cloud Compute (EC2)
Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. This section will contain recommendations for configuring your compute resources within EC2. Some of the security settings and related options might be applied differently depending on how you are using other EC2 services and functionality.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 2 Elastic Cloud Compute (EC2).
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.cis_compute_service_v100_2
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.cis_compute_service_v100_2 --share
Benchmarks
Controls
- 2.3 Ensure Tag Policies are enabled
- 2.4 Ensure an Organizational EC2 Tag Policy has been created
- 2.5 Ensure no AWS EC2 Instances are older than 180 days
- 2.6 Ensure detailed monitoring is enabled for production EC2 Instances
- 2.7 Ensure Default EC2 Security groups are not being used
- 2.8 Ensure the Use of IMDSv2 is Enforced on All Existing Instances
- 2.9 Ensure use of AWS Systems Manager to manage EC2 instances
- 2.10 Ensure unused ENIs are removed
- 2.11 Ensure instances stopped for over 90 days are removed
- 2.12 Ensure EBS volumes attached to an EC2 instance are marked for deletion upon instance termination
- 2.13 Ensure Secrets and Sensitive Data are not stored directly in EC2 User Data
- 2.14 Ensure EC2 Auto Scaling Groups propagate tags to the EC2 Instances they launch