Rule: EC2 Instance Should Have EBS Optimization Enabled

This rule ensures that EC2 instances have EBS optimization enabled for high performance.

Rule: EC2 instance should have EBS optimization enabled
Framework: AWS Audit Manager Control Tower Guardrails
Severity: High

Enabling EBS Optimization for EC2 Instances to Comply with AWS Audit Manager Control Tower Guardrails

Overview of the Rule

Elastic Block Store (EBS) optimization on Amazon EC2 instances provides additional, dedicated capacity for EBS I/O, ensuring better performance of EBS volumes. AWS Audit Manager Control Tower Guardrails may demand that EC2 instances have EBS optimization enabled to meet certain performance and resource optimization standards.

By complying with this requirement, you ensure your EC2 instances are performing optimally by reducing I/O contention between EBS and other traffic from your EC2 instance.

Troubleshooting EBS Optimization Issues

If an EC2 instance does not have EBS optimization enabled, or if there is a performance issue, you can take the following steps to troubleshoot:

  1. Check if the instance type supports EBS optimization.
  2. Verify the current status of EBS optimization for the instance.
  3. Measure the performance of the instance and compare it with the expected performance.
  4. Ensure that the EBS volume is not a bottleneck by checking the volume's type, size and IOPS.

Necessary Codes and CLI Commands

Determine if EBS Optimization Is Supported

aws ec2 describe-instance-types --instance-types <instance-type>

Replace <instance-type> with your instance type (e.g., m5.large) to verify whether it supports EBS optimization.

Check the EBS Optimization Status

aws ec2 describe-instances --instance-ids <instance-id> --query "Reservations[].Instances[].EbsOptimized"

Replace <instance-id> with the actual instance ID to check its EBS optimization status.

Enable EBS Optimization

aws ec2 modify-instance-attribute --instance-id <instance-id> --ebs-optimized

Use this command to enable EBS optimization on a running or stopped instance.

Step by Step Guide for Remediation

Step 1: Determine Support and Current Status

Before making changes, confirm if your instances support EBS optimization and whether it's already enabled:

  1. Use the describe-instance-types command to check for support.
  2. Use the describe-instances command to check the optimization status.

Step 2: Enabling EBS Optimization

If the instance supports EBS optimization and it is not enabled:

  1. Stop your instance (if necessary, for instance types that require a stop-start cycle to enable EBS optimization).
     aws ec2 stop-instances --instance-ids <instance-id>
  2. Use the modify-instance-attribute command to enable EBS optimization.
  3. (Optional) Restart your instance.
     aws ec2 start-instances --instance-ids <instance-id>

Repeat these steps for all instances that need EBS optimization enabled.
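Step 1 applied to a whole fleet, as an added example (not Cloud Defense's code): it joins saved output of describe-instances and describe-instance-types and sorts each instance into compliant, needs enabling, not applicable, or type not yet looked up. The JSON is constructed sample data, the verdict labels are this example's own, and treating a "default" type whose EbsOptimized flag is false as ENABLE is an assumption.

```python
import json

# Constructed sample, in the shape returned by `aws ec2 describe-instance-types`.
TYPES_JSON = """{"InstanceTypes": [
  {"InstanceType": "m5.large",  "EbsInfo": {"EbsOptimizedSupport": "default"}},
  {"InstanceType": "m3.xlarge", "EbsInfo": {"EbsOptimizedSupport": "supported"}},
  {"InstanceType": "t2.micro",  "EbsInfo": {"EbsOptimizedSupport": "unsupported"}}
]}"""

# Constructed sample, in the shape returned by `aws ec2 describe-instances`.
INSTANCES_JSON = """{"Reservations": [
  {"Instances": [
    {"InstanceId": "i-0000000000000000a", "InstanceType": "m5.large",
     "EbsOptimized": true, "State": {"Name": "running"}},
    {"InstanceId": "i-0000000000000000b", "InstanceType": "m3.xlarge",
     "EbsOptimized": false, "State": {"Name": "running"}}]},
  {"Instances": [
    {"InstanceId": "i-0000000000000000c", "InstanceType": "t2.micro",
     "EbsOptimized": false, "State": {"Name": "stopped"}},
    {"InstanceId": "i-0000000000000000d", "InstanceType": "r5.large",
     "EbsOptimized": false, "State": {"Name": "stopped"}},
    {"InstanceId": "i-0000000000000000e", "InstanceType": "m3.xlarge",
     "EbsOptimized": false, "State": {"Name": "terminated"}}]}
]}"""


def audit_ebs_optimization(instances_doc, types_doc):
    """Return {instance_id: verdict} for every non-terminated instance."""
    support = {t["InstanceType"]: t.get("EbsInfo", {}).get("EbsOptimizedSupport")
               for t in types_doc["InstanceTypes"]}
    verdicts = {}
    for reservation in instances_doc["Reservations"]:
        for inst in reservation["Instances"]:
            if inst["State"]["Name"] == "terminated":
                continue  # nothing left to remediate
            mode = support.get(inst["InstanceType"])  # None: type was not looked up
            if inst.get("EbsOptimized"):
                verdicts[inst["InstanceId"]] = "COMPLIANT"
            elif mode == "unsupported":
                verdicts[inst["InstanceId"]] = "NOT_APPLICABLE"
            elif mode in ("supported", "default"):
                verdicts[inst["InstanceId"]] = "ENABLE"
            else:
                verdicts[inst["InstanceId"]] = "LOOK_UP_TYPE"
    return verdicts


if __name__ == "__main__":
    result = audit_ebs_optimization(json.loads(INSTANCES_JSON), json.loads(TYPES_JSON))
    for instance_id, verdict in sorted(result.items()):
        print(instance_id, verdict)
```

Instances marked ENABLE are the ones to take through Step 2; LOOK_UP_TYPE means the instance type was missing from the describe-instance-types output and should be queried first.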

Additional Notes for SEO

Achieving compliance with AWS Audit Manager Control Tower Guardrails is essential for maintaining best practices in your AWS environment. Optimizing your EC2 instances for EBS can lead to better application performance, improved resource utilization, and enhanced user experience.

Ensuring compliance will not only meet the necessary regulatory standards but can also contribute to your company's overall cost-efficiency by optimizing performance and avoiding the need to provision larger, more expensive instances than necessary.

Through careful adherence to AWS standards and controls, your infrastructure becomes more secure, reliable, and performant, which in turn can boost your company's reputation and client trust. Implementing such compliance measures can ultimately contribute to a stronger operational foundation for your business in the cloud.
