turbot/steampipe-mod-aws-compliance

Control: 2.5 Ensure no AWS EC2 Instances are older than 180 days

Description

Identify any running AWS EC2 instances older than 180 days.

An EC2 instance is not meant to run indefinitely; instances older than 180 days can increase the risk of problems and issues.

Remediation

From Console:

  1. Log in to the EC2 console at https://console.aws.amazon.com/ec2/.
  2. In the left navigation pane, under INSTANCES, click Instances.
  3. Select the EC2 instance identified above in the audit. The Instance State must be 'running'.
  4. Click Actions, click Instance State, click Stop.
  5. Wait for the Instance State to read 'stopped'.
  6. Click Actions, click Instance State, click Start.
  7. Select the Description tab.
  8. Check the Launch time.

Confirm that the instance's active age now reflects today's date and time.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.cis_compute_service_v100_2_5

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.cis_compute_service_v100_2_5 --share

SQL

This control uses a named query:

select
  instance_id as resource,
  launch_time,
  case
    when launch_time >= (current_date - interval '180 days') then 'ok'
    else 'alarm'
  end as status,
  title || ' created ' || to_char(launch_time, 'DD-Mon-YYYY') || ' (' || extract(day from current_timestamp - launch_time) || ' days).' as reason,
  region,
  account_id
from
  aws_ec2_instance;
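
As an added example (not part of the mod or its query), the same 180-day evaluation in Python over constructed instance records shaped loosely like boto3 describe-instances output; it assumes a UTC session timezone for current_date and derives the title from the Name tag, falling back to the instance id. Unlike the query, which evaluates every row of aws_ec2_instance, the helper at the end narrows to running instances in alarm, the set the description and remediation steps target.

```python
from datetime import datetime, time, timedelta, timezone

MAX_AGE_DAYS = 180  # threshold from CIS control 2.5


def instance_title(instance: dict) -> str:
    """Use the Name tag when present, otherwise the instance id (assumed mapping)."""
    for tag in instance.get("Tags", []):
        if tag.get("Key") == "Name":
            return tag["Value"]
    return instance["InstanceId"]


def evaluate_instance(instance: dict, now: datetime) -> dict:
    """Mirror the control's SQL for one instance: ok/alarm plus the reason text."""
    launch = instance["LaunchTime"]
    if launch.tzinfo is None or now.tzinfo is None:
        raise ValueError("LaunchTime and now must be timezone-aware")
    # current_date - interval '180 days' is midnight of the cutoff day, so an
    # instance launched any time on that day is still 'ok' (assumes UTC session).
    cutoff = datetime.combine(now.date() - timedelta(days=MAX_AGE_DAYS), time.min, tzinfo=timezone.utc)
    age_days = (now - launch).days  # extract(day from current_timestamp - launch_time)
    return {
        "resource": instance["InstanceId"],
        "status": "ok" if launch >= cutoff else "alarm",
        "reason": f"{instance_title(instance)} created {launch:%d-%b-%Y} ({age_days} days).",
        "state": instance["State"]["Name"],
    }


def stale_running_instances(instances: list, now: datetime) -> list:
    """Only running instances in alarm: the set the remediation steps act on."""
    return [r for r in (evaluate_instance(i, now) for i in instances)
            if r["status"] == "alarm" and r["state"] == "running"]


# Constructed sample data, not real AWS output.
NOW = datetime(2024, 7, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_INSTANCES = [
    {"InstanceId": "i-0aaa", "LaunchTime": datetime(2024, 1, 15, 8, 0, tzinfo=timezone.utc),
     "State": {"Name": "running"}, "Tags": [{"Key": "Name", "Value": "api-blue"}]},
    {"InstanceId": "i-0bbb", "LaunchTime": datetime(2023, 12, 1, 8, 0, tzinfo=timezone.utc),
     "State": {"Name": "running"}, "Tags": [{"Key": "Name", "Value": "web-legacy"}]},
    {"InstanceId": "i-0ccc", "LaunchTime": datetime(2024, 1, 2, 23, 59, tzinfo=timezone.utc),
     "State": {"Name": "stopped"}, "Tags": []},
]

if __name__ == "__main__":
    for r in stale_running_instances(SAMPLE_INSTANCES, NOW):
        print(r["resource"], r["reason"])
```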

Tags