Login

Cloud Defense Logo

Products

Solutions

Company

Book A Live Demo

Rule: EC2 Instance EBS Optimization Enabled

Check if EC2 instances have EBS optimization enabled for high compliance.

RuleEC2 instance should have EBS optimization enabled
FrameworkFedRAMP Low Revision 4
Severity
High

Rule Description

The rule requires that Amazon Elastic Compute Cloud (EC2) instances have Elastic Block Store (EBS) optimization enabled to adhere to the security requirements of FedRAMP Low Revision 4. EBS optimization helps improve the performance of EBS volumes attached to EC2 instances by optimizing the networking stack.

Troubleshooting Steps

If you encounter issues while enabling EBS optimization, follow these troubleshooting steps:

  2. 1.
    Verify EC2 instance type: Ensure that you are using an EC2 instance type that supports EBS optimization. Not all instance types support this feature.
  4. 2.
    Check instance launch settings: If the EBS optimization setting was not enabled during instance launch, you need to stop the instance, modify the launch configuration, and restart the instance for the changes to take effect.
  6. 3.
    Review EC2 instance limits: Ensure that you have not reached any limits imposed by AWS for the instance type or any other resource limitations that may prevent you from enabling EBS optimization. Adjust the limits if necessary.

Necessary Codes

No specific code is required for enabling EBS optimization. Instead, you need to modify the instance launch configuration or use AWS Command Line Interface (CLI) commands to update the instance settings.

Step-by-Step Guide for Remediation

To enable EBS optimization for an EC2 instance, follow these steps:

  2. 1.
    Open the AWS Management Console and navigate to the EC2 service.
  4. 2.
    Select the EC2 instance for which you want to enable EBS optimization.
  6. 3.
    Click on the "Actions" button and choose "Instance Settings" from the dropdown menu.
  8. 4.
    In the sub-menu, click on "Change Instance Type".
  10. 5.
    In the "Change Instance Type" dialog box, select the current instance type and the same instance type with EBS optimization.
  12. 6.
    Click on the "Apply" button to proceed with the changes.
  14. 7.
    Review the changes and click on the "Confirm" button to apply the instance type change.
  16. 8.
    Wait for the instance to stop and start automatically.
  18. 9.
    Once the instance is running again, verify that EBS optimization is enabled by viewing the instance details.
  20. 10.
    Alternatively, you can use the AWS CLI to modify the instance launch configuration and enable EBS optimization. The CLI command to modify the launch configuration is as follows:
aws ec2 modify-instance-attribute --instance-id <instance_id> --ebs-optimized

Replace 

<instance_id>
with the ID of the EC2 instance for which you want to enable EBS optimization.

  2. 1.
    After making the necessary changes, monitor the performance of the EC2 instance to ensure that EBS optimization is improving the performance of attached EBS volumes.

By following these steps, you can ensure that the EC2 instance is in compliance with the FedRAMP Low Revision 4 requirement of having EBS optimization enabled.

Is your System Free of Underlying Vulnerabilities?
Find Out Now