Avoid Using Paravirtual EC2 Instance Types - Rule

This rule states that Paravirtual EC2 instance types should not be used. Ensure compliance to enhance security measures.

Rule: Paravirtual EC2 instance types should not be used
Framework: AWS Foundational Security Best Practices
Severity: Medium

Rule Description:

Under the AWS Foundational Security Best Practices framework, paravirtual EC2 instance types should not be used.

Description:

Paravirtual EC2 instances are an older generation of instances that utilize a different virtualization technology compared to the newer HVM (Hardware Virtual Machine) instances. The AWS Foundational Security Best Practices recommend using HVM instances for improved security and performance.

Troubleshooting steps:

If you identify that your EC2 instances are running on paravirtual virtualization, you can follow these troubleshooting steps to migrate to HVM instances:

  1. Identify the current instance type:

    • From the AWS Management Console, navigate to the EC2 service.
    • Select the instance in question.
    • Check the "Instance Type" column to see if it is listed as a paravirtual instance.
  2. Check compatibility:

    • Ensure that the desired HVM instance types you want to migrate to are supported by your operating system and applications.
  3. Snapshot or backup important data:

    • Before migrating, it is strongly recommended to create a snapshot or backup of your data to ensure no loss of critical information during the migration process.
  4. Migrate to HVM instance:

    • Stop the paravirtual instance.
    • Create an Amazon Machine Image (AMI) from the stopped instance.
    • Launch a new instance using the HVM-compatible AMI.
    • Update any necessary configurations and ensure the proper working of your applications.
  5. Verify the new instance:

    • Confirm that the new HVM instance is running correctly and that all applications and services are functioning as expected.
  6. Optional - Terminate the old instance:

    • Once you have verified the new HVM instance, you can terminate the old paravirtual instance to avoid any unnecessary costs.

Necessary codes:

No rule-specific code is provided, because the migration uses standard EC2 management tasks performed through the AWS Management Console or AWS CLI.

Remediation steps:

Follow these step-by-step commands to remediate the issue using AWS CLI:

  1. Identify the current instance type:

    aws ec2 describe-instances --instance-ids <instance-id> --query 'Reservations[*].Instances[*].[InstanceId, InstanceType]'

  2. Check compatibility:

    • Confirm that the desired HVM instance types are compatible with your operating system and applications.
  3. Migrate to HVM instance:

    • Stop the paravirtual instance:

      aws ec2 stop-instances --instance-ids <instance-id>

    • Create an Amazon Machine Image (AMI) from the stopped instance:

      aws ec2 create-image --instance-id <instance-id> --name "New HVM AMI" --description "AMI for HVM instance migration"

    • Launch a new instance using the HVM-compatible AMI:

      aws ec2 run-instances --image-id <new-ami-id> --instance-type <hvm-instance-type> --key-name <key-pair-name>

    • Update any necessary configurations and ensure the proper working of your applications.

  4. Verify the new instance:

    • Confirm that the new HVM instance is running correctly and that all applications and services are functioning as expected.
  5. Optional - Terminate the old instance:

    • Once you have verified the new HVM instance, you can terminate the old paravirtual instance to avoid any unnecessary costs:

      aws ec2 terminate-instances --instance-ids <instance-id>

By following the above steps, you can migrate from paravirtual EC2 instance types to HVM instances, aligning with AWS Foundational Security Best Practices.
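The identification and launch steps above can be scripted as a compliance check. The following is an added example, not code from the original page: it goes beyond the page's instance-type query by reading the `VirtualizationType` attribute that `describe-instances` and `describe-images` return, and it refuses an AMI that does not report `hvm`. The function names are hypothetical and the sample rows are constructed.

```shell
#!/usr/bin/env bash
# Added example: audit EC2 virtualization types and gate the launch step.

# Live inventory: one tab-separated row per instance
# (InstanceId, InstanceType, VirtualizationType, State).
fetch_inventory() {
  aws ec2 describe-instances \
    --query 'Reservations[].Instances[].[InstanceId,InstanceType,VirtualizationType,State.Name]' \
    --output text
}

# Read inventory rows on stdin and print paravirtual instances that are
# not terminated. Returns 1 if any are found, so a scheduled job can fail.
report_paravirtual() {
  awk -F'\t' '
    $3 == "paravirtual" && $4 != "terminated" { print $1 "\t" $2 "\t" $4; n++ }
    END { exit (n > 0) }'
}

# Gate for the run-instances step: succeed only when the AMI reports hvm.
# Returns 1 for any other virtualization type, 2 if the lookup itself fails.
require_hvm_ami() {
  local vt
  vt=$(aws ec2 describe-images --image-ids "$1" \
        --query 'Images[0].VirtualizationType' --output text) || return 2
  if [ "$vt" != "hvm" ]; then
    echo "refusing $1: VirtualizationType=$vt" >&2
    return 1
  fi
}

# Constructed sample rows (not real resources) for an offline dry run.
sample_inventory() {
  printf '%s\t%s\t%s\t%s\n' \
    i-0aaa0000000000001 m1.small paravirtual running \
    i-0aaa0000000000002 t3.micro hvm running \
    i-0aaa0000000000003 c3.large paravirtual stopped \
    i-0aaa0000000000004 m1.medium paravirtual terminated
}

# "--demo" runs the report on the constructed rows without calling AWS.
if [ "${1:-}" = "--demo" ]; then
  sample_inventory | report_paravirtual || echo "paravirtual instances found"
fi
```

Against a live account, `fetch_inventory | report_paravirtual` lists the instances to migrate, and `require_hvm_ami <new-ami-id>` can run immediately before the `run-instances` command.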
