Rule: EC2 Auto Scaling groups should use EC2 launch templates

This rule ensures EC2 Auto Scaling groups are using EC2 launch templates for efficient scaling and resource management.

Rule: EC2 Auto Scaling groups should use EC2 launch templates
Framework: AWS Foundational Security Best Practices
Severity: Medium

EC2 Auto Scaling Groups and Launch Templates

Rule Description

According to the AWS Foundational Security Best Practices, it is recommended to use EC2 launch templates when creating EC2 Auto Scaling groups. EC2 launch templates provide a way to configure and launch Amazon EC2 instances with pre-defined settings, which improves security, reliability, and consistency across the Auto Scaling group.

By adhering to this rule, you can ensure that all instances launched within the Auto Scaling group meet the required security standards and configurations specified in the launch template.

Troubleshooting Steps

1. Verify the existence of the EC2 Auto Scaling group:

  • Use the AWS Management Console or AWS CLI to check if the Auto Scaling group already exists in your account.
  • If the group does not exist, follow the steps below to create one.

2. Create an EC2 launch template:

  • If you don't have an existing launch template, create a new one using either the AWS Management Console or AWS CLI.
  • Specify the desired configurations, such as the Amazon Machine Image (AMI), instance type, security groups, and other relevant settings.

3. Attach the launch template to the Auto Scaling group:

  • Update the Auto Scaling group configuration to use the newly created launch template.
  • This can be done through the AWS Management Console or by running an AWS CLI command.

Required Codes (if applicable)

To create an EC2 launch template using the AWS CLI, you can use the following code snippet as a reference:

aws ec2 create-launch-template --launch-template-name MyLaunchTemplate --version-description "My version" --launch-template-data "{\"ImageId\":\"ami-XXXXXXXX\",\"InstanceType\":\"t2.micro\",\"SecurityGroupIds\":[\"sg-XXXXXXXX\"], \"UserData\":\"IyEvYmluL3No\",\"TagSpecifications\":[{\"ResourceType\":\"instance\",\"Tags\":[{\"Key\":\"environment\",\"Value\":\"production\"}]}]}"

Make sure to replace the placeholder values (ami-XXXXXXXX and sg-XXXXXXXX) with the appropriate AMI and security group IDs.
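The check behind this rule and the CLI call for step 3 of the troubleshooting steps can be sketched as follows. This is an added example, not Cloud Defense or AWS code: it audits JSON shaped like the output of `aws autoscaling describe-auto-scaling-groups` and builds the `aws autoscaling update-auto-scaling-group` command for each group that has no launch template. The sample group names and the function names are constructed for illustration.

```python
import json
import shlex

# Constructed sample shaped like the output of
# `aws autoscaling describe-auto-scaling-groups` (all names are made up).
SAMPLE = json.loads("""
{"AutoScalingGroups": [
  {"AutoScalingGroupName": "web-asg",
   "LaunchTemplate": {"LaunchTemplateName": "MyLaunchTemplate", "Version": "$Latest"}},
  {"AutoScalingGroupName": "batch-asg", "LaunchConfigurationName": "batch-lc"},
  {"AutoScalingGroupName": "spot-asg",
   "MixedInstancesPolicy": {"LaunchTemplate": {"LaunchTemplateSpecification":
       {"LaunchTemplateName": "MyLaunchTemplate", "Version": "1"}}}},
  {"AutoScalingGroupName": "legacy asg", "LaunchConfigurationName": "legacy-lc"}
]}
""")


def template_of(group):
    """Return the launch template spec a group uses (direct or mixed), or None."""
    mixed = group.get("MixedInstancesPolicy") or {}
    return group.get("LaunchTemplate") or (
        mixed.get("LaunchTemplate") or {}).get("LaunchTemplateSpecification")


def audit(response):
    """Split groups into (compliant, non_compliant) lists of group names."""
    compliant, failing = [], []
    for group in response.get("AutoScalingGroups", []):
        bucket = compliant if template_of(group) else failing
        bucket.append(group["AutoScalingGroupName"])
    return compliant, failing


def remediation_command(group_name, template_name, version="$Latest"):
    """Build the CLI call that points a group at a launch template."""
    spec = f"LaunchTemplateName={template_name},Version={version}"
    return " ".join([
        "aws autoscaling update-auto-scaling-group",
        # Quote both values so spaces and `$Latest` survive the shell intact.
        "--auto-scaling-group-name", shlex.quote(group_name),
        "--launch-template", shlex.quote(spec),
    ])


if __name__ == "__main__":
    _, bad = audit(SAMPLE)
    for name in bad:
        print(remediation_command(name, "MyLaunchTemplate"))
```

Groups that use a mixed instances policy count as compliant here because that policy can only reference a launch template.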

Step-by-Step Guide for Remediation

1. Log in to the AWS Management Console.

2. Navigate to the EC2 Dashboard.

3. Select "Auto Scaling Groups" from the left sidebar menu.

4. Verify the existence of the Auto Scaling group. If it doesn't exist, create a new one by clicking on the "Create Auto Scaling group" button.

5. Configure the Auto Scaling group settings, including the minimum, maximum, and desired capacities.

6. In the "Configure launch template" section, select the option to "Create a new EC2 launch template."

7. Specify the desired configurations for the launch template, such as the AMI, instance type, security groups, user data, and tags.

8. Click on "Create launch template" to save your settings and create the launch template.

9. Once the launch template is created, go back to the Auto Scaling group configuration page.

10. In the "Launch template" section, select "Choose an existing launch template" and choose the newly created launch template from the dropdown menu.

11. Review and verify the other settings related to the Auto Scaling group.

12. Click "Create Auto Scaling group" to save the changes and associate the launch template with the group.

Congratulations! You have successfully remediated the rule/policy violation by using an EC2 launch template for your EC2 Auto Scaling group, aligning with AWS Foundational Security Best Practices.
