Rule: EC2 Stopped Instances Should Be Removed in 30 Days

This rule states the requirement for removing EC2 stopped instances within a 30-day period.

Rule: EC2 stopped instances should be removed in 30 days

Framework: CISA-cyber-essentials

Severity: Low

EC2 Stopped Instances Removal Policy for CISA Cyber Essentials

Rule Description

As part of the CISA Cyber Essentials framework, it is required to remove EC2 instances that have been stopped for a period exceeding 30 days. This rule helps maintain a secure and efficient AWS environment by properly managing unused resources, reducing potential security risks, and minimizing unnecessary costs.

Troubleshooting Steps (if applicable)

N/A

Necessary Code (if applicable)

N/A

Step-by-Step Guide for Remediation

1. Identify Stopped EC2 Instances

  1. Open the AWS Management Console.
  2. Navigate to the EC2 dashboard.

2. Filter Stopped Instances

  1. On the EC2 dashboard, click on the "Instances" section in the left navigation pane.
  2. Apply a filter to display only stopped instances.

3. Identify Instances Older Than 30 Days

  1. Sort the instances based on the "Launch time" column to identify the oldest instances.
  2. Review the instances and ensure that they have been stopped for more than 30 days.

4. Verify Instance Status

  1. Select an instance to view its details.
  2. Ensure that the instance is in a stopped state and not being actively used.

5. Take Note of Instance Details (if required)

  1. If necessary, note down important details about the instance, such as its name, tags, or any associated resources.
  2. These details will be helpful for reference or documentation purposes.

6. Terminate the Stopped Instance

  1. Select the instance you want to remove.
  2. Click on the "Actions" button at the top of the page.
  3. From the dropdown menu, choose "Instance State" and then "Terminate."
  4. Confirm the termination by clicking on "Yes, Terminate."

7. Repeat Steps 3-6 for Other Instances

  1. Go back to the list view of stopped instances.
  2. Repeat steps 3-6 until all instances that have been stopped for more than 30 days have been terminated.

8. Documentation (optional)

  1. If required, document the terminated instances for auditing or tracking purposes.
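
The identification part of the procedure (steps 2 to 4) can be scripted. The following is an added example, not code from the original page or from CloudDefense: it parses output shaped like `aws ec2 describe-instances` and separates instances stopped for more than 30 days from stopped instances whose stop time cannot be read. It assumes the stop time is taken from the `StateTransitionReason` field, which EC2 fills in for user-initiated stops (launch time alone does not say when an instance was stopped); the function name, instance IDs and dates are constructed for illustration.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like `aws ec2 describe-instances` output (not real data).
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaaaaaaaaaaaaaa1", "State": {"Name": "stopped"},
   "LaunchTime": "2023-06-01T08:00:00+00:00",
   "StateTransitionReason": "User initiated (2024-01-05 10:15:00 GMT)"},
  {"InstanceId": "i-0bbbbbbbbbbbbbbb2", "State": {"Name": "stopped"},
   "LaunchTime": "2022-01-10T08:00:00+00:00",
   "StateTransitionReason": "User initiated (2024-03-01 09:00:00 GMT)"},
  {"InstanceId": "i-0ccccccccccccccc3", "State": {"Name": "running"},
   "LaunchTime": "2021-05-05T08:00:00+00:00",
   "StateTransitionReason": ""},
  {"InstanceId": "i-0ddddddddddddddd4", "State": {"Name": "stopped"},
   "LaunchTime": "2023-02-02T08:00:00+00:00",
   "StateTransitionReason": ""}
]}]}
""")

# Matches the timestamp EC2 records in StateTransitionReason for a user-initiated stop.
STOP_TIME = re.compile(r"\((\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) GMT\)")

def classify_stopped(doc, now, max_age_days=30):
    """Return (overdue, needs_review): IDs stopped longer than the limit,
    and stopped IDs whose stop time could not be determined."""
    overdue, needs_review = [], []
    for reservation in doc.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") != "stopped":
                continue  # running, pending, terminated etc. are out of scope
            m = STOP_TIME.search(inst.get("StateTransitionReason", ""))
            if not m:
                # No readable stop time: report for manual review, never auto-flag.
                needs_review.append(inst["InstanceId"])
                continue
            stopped_at = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            stopped_at = stopped_at.replace(tzinfo=timezone.utc)
            if now - stopped_at > timedelta(days=max_age_days):
                overdue.append(inst["InstanceId"])
    return overdue, needs_review

if __name__ == "__main__":
    now = datetime(2024, 3, 15, tzinfo=timezone.utc)  # fixed date for the sample
    overdue, review = classify_stopped(SAMPLE, now)
    print("stopped > 30 days:", overdue)
    print("stop time unknown:", review)
```

The second sample instance has the oldest launch time but was stopped only 14 days before the sample date, so it is not reported as overdue.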

Conclusion

By following this AWS EC2 stopped instances removal policy, you ensure compliance with the CISA Cyber Essentials framework. Regularly removing stopped instances that exceed the 30-day threshold helps maintain an efficient and secure AWS environment.
