Guideline ensuring all EC2 instances are within a VPC for security and network control.
Rule
EC2 instances should be in a VPC
Framework
CISA-cyber-essentials
Severity
High
Rule Description: EC2 instances should be deployed within a Virtual Private Cloud (VPC) for compliance with CISA Cyber Essentials standards. A VPC is the boundary that gives you network control over an instance: private subnets and route tables, security groups and network ACLs as layered filters, and VPC Flow Logs for monitoring. An instance outside a VPC (the legacy EC2-Classic platform) has none of these controls beyond a classic security group.
Troubleshooting Steps:
If you encounter instances that are not deployed within a VPC, you can follow these troubleshooting steps:
1. Confirm that the instance really is outside a VPC. Open the EC2 dashboard in the AWS Management Console and go to the "Instances" section.
2. Identify the instances that are not associated with a VPC. They show no vpc- identifier in the "VPC ID" column (the column is empty instead of listing a VPC).
3. Determine why the instances are not within a VPC. Two common causes:
- The instance was launched on the legacy EC2-Classic platform, which predates VPC, was only ever available to older accounts and has since been retired. Such instances are never placed in a VPC and cannot be moved into one in place.
- In an account that still supported EC2-Classic, the instance was launched with EC2-Classic selected by mistake. An account without EC2-Classic can only launch into a VPC (the default VPC if none is chosen).
4. Decide on the remediation approach based on the identified reason: an existing instance outside a VPC has to be re-created inside one (Option 1); anything new should simply be launched into the right VPC (Option 2).
Remediation Steps:
Option 1: Migrating existing instances into a VPC
An instance's VPC is fixed when it is launched. The console has no action that moves a running instance into a VPC; "Actions" > "Networking" > "Change Security Groups" only swaps security groups within the VPC the instance is already in. Move an instance by re-creating it:
1. Identify the target VPC, a subnet in it, and the security group(s) you will attach. Security groups are scoped to a VPC, so they must belong to the same VPC as the chosen subnet.
2. In the "Instances" section, select the instance and choose "Actions" > "Image and templates" > "Create image" to capture an AMI of it. By default the instance is rebooted for a consistent snapshot; skipping the reboot risks an inconsistent filesystem.
3. Once the AMI shows as available, launch a new instance from it, selecting the target VPC subnet and security groups in the launch wizard's "Network settings".
4. Re-point everything that referenced the old instance (Elastic IPs, DNS records, load balancer targets, IAM trust on its instance profile) to the new one and verify the workload.
5. Stop the original instance, and terminate it once nothing still depends on it.
Option 2: Launching new instances within a VPC
1. Go to the EC2 dashboard in the AWS Management Console.
2. Click "Launch instances" to start the instance launch wizard.
3. Follow the wizard to configure the instance (name, AMI, instance type, key pair).
4. In the "Network settings" section (the "Network" dropdown under "Configure Instance Details" in the older wizard), select the target VPC and a subnet in it, and attach security groups that belong to that VPC.
5. Configure the remaining settings according to your requirements.
6. Launch the instance and confirm in the "Instances" section that its "VPC ID" column shows the designated VPC.
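As an added example (not part of the original rule text and not an AWS tool), the script below does both halves of the procedure above offline: it evaluates the control over the JSON shape returned by `aws ec2 describe-instances`, then validates the target subnet and security groups for the Option 1 relaunch and emits the AWS CLI commands for it. The sample `describe-instances`, `describe-subnets` and `describe-security-groups` output is constructed, and every resource ID in it is a placeholder.

```python
"""Evaluate the 'EC2 instance in a VPC' control and plan the AMI-and-relaunch fix.

Added example for this page. Works on the JSON shapes returned by
`aws ec2 describe-instances`, `describe-subnets` and `describe-security-groups`.
All sample data below is constructed; the IDs are placeholders, not real resources.
"""
import json

# Constructed sample: one instance inside a VPC, one with no VpcId/SubnetId,
# which is how an EC2-Classic instance appears in describe-instances output.
SAMPLE_INSTANCES = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaa0000000000001", "InstanceType": "t3.micro",
   "VpcId": "vpc-0aaa00000000000a1", "SubnetId": "subnet-0aaa000000000001",
   "State": {"Name": "running"},
   "SecurityGroups": [{"GroupId": "sg-0aaa000000000001", "GroupName": "web"}]},
  {"InstanceId": "i-0bbb0000000000002", "InstanceType": "m1.small",
   "State": {"Name": "running"},
   "SecurityGroups": [{"GroupId": "sg-classic", "GroupName": "default"}]}
]}]}
""")

# Constructed describe-subnets / describe-security-groups output for two VPCs.
SAMPLE_SUBNETS = {"Subnets": [
    {"SubnetId": "subnet-0aaa000000000001", "VpcId": "vpc-0aaa00000000000a1"},
    {"SubnetId": "subnet-0ccc000000000003", "VpcId": "vpc-0ccc00000000000c3"},
]}
SAMPLE_SECURITY_GROUPS = {"SecurityGroups": [
    {"GroupId": "sg-0aaa000000000001", "VpcId": "vpc-0aaa00000000000a1"},
    {"GroupId": "sg-0ccc000000000003", "VpcId": "vpc-0ccc00000000000c3"},
    {"GroupId": "sg-classic"},  # EC2-Classic group: no VpcId at all
]}


def evaluate_rule(describe_instances):
    """Map InstanceId -> 'ok' | 'alarm'. Alarm means no VpcId, the control's fail state."""
    result = {}
    for reservation in describe_instances["Reservations"]:
        for inst in reservation["Instances"]:
            result[inst["InstanceId"]] = "ok" if inst.get("VpcId") else "alarm"
    return result


def instances_outside_vpc(describe_instances):
    """Sorted list of instance IDs that fail the control."""
    return sorted(i for i, s in evaluate_rule(describe_instances).items() if s == "alarm")


def check_target(subnet_id, sg_ids, describe_subnets, describe_sgs):
    """Validate the relaunch target. Security groups are VPC-scoped, so each group must
    belong to the subnet's VPC. Returns a list of problems; empty means the target is usable."""
    subnet_vpc = {s["SubnetId"]: s["VpcId"] for s in describe_subnets["Subnets"]}
    sg_vpc = {g["GroupId"]: g.get("VpcId") for g in describe_sgs["SecurityGroups"]}
    if subnet_id not in subnet_vpc:
        return [f"unknown subnet {subnet_id}"]
    target_vpc = subnet_vpc[subnet_id]
    problems = []
    for sg in sg_ids:
        if sg not in sg_vpc:
            problems.append(f"unknown security group {sg}")
        elif sg_vpc[sg] != target_vpc:
            problems.append(f"{sg} belongs to {sg_vpc[sg] or 'EC2-Classic'}, not {target_vpc}")
    return problems


def migration_commands(instance, subnet_id, sg_ids, describe_subnets, describe_sgs,
                       instance_type=None):
    """AWS CLI commands for Option 1: capture an AMI, launch a copy in the target subnet,
    then stop the original. Refuses an invalid target rather than failing halfway through."""
    problems = check_target(subnet_id, sg_ids, describe_subnets, describe_sgs)
    if problems:
        raise ValueError("; ".join(problems))
    iid = instance["InstanceId"]
    itype = instance_type or instance["InstanceType"]  # override if the old type is not VPC-capable
    return [
        f"AMI_ID=$(aws ec2 create-image --instance-id {iid} --name vpc-migration-{iid} "
        "--query ImageId --output text)",
        'aws ec2 wait image-available --image-ids "$AMI_ID"',
        f'aws ec2 run-instances --image-id "$AMI_ID" --instance-type {itype} '
        f"--subnet-id {subnet_id} --security-group-ids {' '.join(sg_ids)}",
        f"aws ec2 stop-instances --instance-ids {iid}  # terminate only after the copy is verified",
    ]


if __name__ == "__main__":
    for iid in instances_outside_vpc(SAMPLE_INSTANCES):
        inst = next(i for r in SAMPLE_INSTANCES["Reservations"] for i in r["Instances"]
                    if i["InstanceId"] == iid)
        print(f"# {iid} is not in a VPC; migration plan:")
        print("\n".join(migration_commands(inst, "subnet-0aaa000000000001",
                                           ["sg-0aaa000000000001"],
                                           SAMPLE_SUBNETS, SAMPLE_SECURITY_GROUPS)))
```

Against real accounts, feed the functions the output of the three `aws ec2 describe-*` calls instead of the constructed samples. The classic instance's own security group is deliberately rejected by `check_target`: the relaunch must use groups from the target VPC, which is the mistake the console's "Change Security Groups" dialog would not let you make but a hand-written `run-instances` call will.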
Necessary Code:
If you prefer to use AWS CLI commands for the remediation steps, here are the equivalent commands:
Option 1: Migrating existing instances into a VPC