
Rule: EC2 Instances Should Be in a VPC

This rule ensures that all EC2 instances are properly configured within a VPC for improved security.

Rule: EC2 instances should be in a VPC
Framework: FedRAMP Low Revision 4
Severity: High

Rule/Policy Details:

According to FedRAMP Low Revision 4 guidelines, all EC2 instances should be deployed within a Virtual Private Cloud (VPC). A VPC provides an isolated network environment within the Amazon Web Services (AWS) cloud infrastructure. This requirement ensures proper security and network segmentation for EC2 instances.

Troubleshooting Steps:

If an EC2 instance is found outside of a VPC, you can follow these troubleshooting steps:

  1. Identify the EC2 instance: Determine the instance that is not in a VPC by checking its configuration or using AWS Command Line Interface (CLI) commands.

  2. Verify the instance's VPC association: Use the AWS Management Console or CLI to validate if the EC2 instance is associated with a VPC.

  3. Check subnet association: Verify that the EC2 instance is associated with a subnet within the VPC. A subnet is a range of IP addresses within a VPC.

  4. Check security groups: Ensure that the EC2 instance is associated with the correct security groups within the VPC. Security groups control inbound and outbound traffic to the instance.

  5. Validate routing: Confirm that the routing tables within the VPC are correctly configured to allow traffic to and from the EC2 instance.

Necessary Codes:

If you need to retrieve the VPC details and verify the EC2 instances' VPC association, you can use the following AWS CLI commands:

  1. To list all VPCs in your AWS account:

    aws ec2 describe-vpcs

  2. To list all EC2 instances and their associated VPCs:

    aws ec2 describe-instances
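The two CLI commands above return JSON, and the troubleshooting steps (identify the instance, verify its VPC and subnet association, check its security groups) amount to inspecting a few fields of that output. The following script is an added example and is not part of this rule page or of any Cloud Defense tooling: it parses the JSON shape returned by `aws ec2 describe-instances` and `aws ec2 describe-vpcs`, flags every non-terminated instance that has no `VpcId` or `SubnetId`, and additionally flags instances whose `VpcId` is not among the VPCs returned for the account. The embedded sample documents are constructed; the instance, VPC, subnet and security group IDs in them are placeholders, not real resources.

```python
import json
import sys

# Constructed sample modelled on the JSON shape of `aws ec2 describe-vpcs`.
SAMPLE_DESCRIBE_VPCS = json.dumps({
    "Vpcs": [
        {"VpcId": "vpc-0123456789abcdef0", "CidrBlock": "10.0.0.0/16", "IsDefault": False},
    ]
})

# Constructed sample modelled on the JSON shape of `aws ec2 describe-instances`.
# The second instance has no VpcId/SubnetId; the third references a VPC that
# does not appear in the describe-vpcs output; the fourth is terminated.
SAMPLE_DESCRIBE_INSTANCES = json.dumps({
    "Reservations": [
        {"Instances": [
            {"InstanceId": "i-0aaa111122223333a", "State": {"Name": "running"},
             "VpcId": "vpc-0123456789abcdef0", "SubnetId": "subnet-0123456789abcdef0",
             "SecurityGroups": [{"GroupId": "sg-0123456789abcdef0", "GroupName": "web"}]},
            {"InstanceId": "i-0bbb111122223333b", "State": {"Name": "running"},
             "SecurityGroups": [{"GroupId": "sg-0fedcba9876543210", "GroupName": "default"}]},
        ]},
        {"Instances": [
            {"InstanceId": "i-0ccc111122223333c", "State": {"Name": "stopped"},
             "VpcId": "vpc-0fffffffffffffff0", "SubnetId": "subnet-0fffffffffffffff0",
             "SecurityGroups": []},
            {"InstanceId": "i-0ddd111122223333d", "State": {"Name": "terminated"}},
        ]},
    ]
})


def known_vpc_ids(describe_vpcs_json):
    """Collect the VpcId values from describe-vpcs output."""
    data = json.loads(describe_vpcs_json)
    return {vpc["VpcId"] for vpc in data.get("Vpcs", []) if "VpcId" in vpc}


def find_instances_outside_vpc(describe_instances_json, describe_vpcs_json=None,
                               ignore_terminated=True):
    """Return one finding dict per instance that fails the 'must be in a VPC' rule.

    A finding is raised when the instance lacks a VpcId or SubnetId, or (when
    describe-vpcs output is supplied) when its VpcId is not a VPC of this account.
    Terminated instances are skipped by default because they no longer carry
    network attachments and cannot be remediated.
    """
    vpcs = known_vpc_ids(describe_vpcs_json) if describe_vpcs_json else None
    data = json.loads(describe_instances_json)
    findings = []
    for reservation in data.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            state = inst.get("State", {}).get("Name")
            if ignore_terminated and state == "terminated":
                continue
            problems = [k for k in ("VpcId", "SubnetId") if not inst.get(k)]
            vpc_id = inst.get("VpcId")
            if vpcs is not None and vpc_id and vpc_id not in vpcs:
                problems.append("VpcId not found in describe-vpcs output")
            if problems:
                findings.append({
                    "InstanceId": inst.get("InstanceId"),
                    "State": state,
                    "VpcId": vpc_id,
                    "SubnetId": inst.get("SubnetId"),
                    "SecurityGroups": [sg.get("GroupId") for sg in inst.get("SecurityGroups", [])],
                    "Problems": problems,
                })
    return findings


def main():
    # Usage: aws ec2 describe-instances | python3 check_vpc.py [describe-vpcs.json]
    # With no stdin data the constructed samples above are used.
    instances_json = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DESCRIBE_INSTANCES
    vpcs_json = SAMPLE_DESCRIBE_VPCS
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            vpcs_json = fh.read()
    for f in find_instances_outside_vpc(instances_json, vpcs_json):
        print(f"{f['InstanceId']} ({f['State']}): {', '.join(f['Problems'])}; "
              f"security groups={f['SecurityGroups'] or 'none'}")


if __name__ == "__main__":
    main()
```

The report is deliberately driven by `describe-instances` alone for the VpcId/SubnetId checks and only uses `describe-vpcs` for the cross-check, so it works in an account where the caller has read access to instances but the VPC listing is filtered or unavailable.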

Step-by-Step Guide for Remediation:

Follow these steps to ensure that all EC2 instances are deployed within a VPC:

  1. Access the AWS Management Console.
  2. Open the EC2 service.
  3. Navigate to the "Instances" section.
  4. Identify the EC2 instances that are not within a VPC.
  5. Select an unassociated instance and click "Actions" > "Networking" > "Change Security Groups".
  6. Select the option to create a new VPC or choose an existing VPC.
  7. Choose appropriate subnets within the selected VPC.
  8. Review and modify security group settings as needed.
  9. Click "Assign Security Groups" to save the changes.
  10. Repeat the process for all EC2 instances that are not within a VPC.

After completing these steps, all EC2 instances should be properly deployed within a VPC, aligning with the FedRAMP Low Revision 4 requirements.
