Rule: EC2 Instance Should Have EBS Optimization Enabled
This rule ensures that EC2 instances have EBS optimization enabled for better performance.
| Rule | EC2 instance should have EBS optimization enabled |
| Framework | FedRAMP Low Revision 4 |
| Severity | ✔ High |
Rule Description
This rule requires that the EBS optimization feature is enabled for EC2 instances in order to meet the requirements of FedRAMP Low Revision 4. EBS optimization helps to maximize the performance of EBS volumes attached to EC2 instances, delivering low-latency and high-throughput storage for applications and workloads.
Troubleshooting Steps
If you encounter any issues with EBS optimization, follow these troubleshooting steps:
- 1.
Verify EBS-optimized instances: Ensure that your EC2 instances are listed as EBS-optimized instances. You can check this by navigating to the EC2 dashboard, selecting the instance, and verifying the "EBS-Optimized" attribute.
- 2.
Update instance type: If your instance is not EBS-optimized, you may need to update the instance type to one that supports EBS optimization. Review the list of EBS-optimized instance types provided by AWS and choose a suitable instance type.
- 3.
Check instance profile permissions: Confirm that the instance profile associated with your EC2 instance has the necessary permissions to enable EBS optimization. Make sure that the instance profile includes the "AmazonEC2EBSOptimizedAccess" policy.
- 4.
Review instance and volume configurations: Ensure that your instance and attached EBS volumes are properly configured. Check if your EBS volumes are provisioned with the required IOPS, throughput, and capacity to meet the performance demands of your workload.
Necessary Code
No specific code is required for enabling EBS optimization. It can be enabled directly through the AWS Management Console or via the AWS Command Line Interface (CLI). However, ensure that you have the necessary permissions to make configuration changes to your EC2 instances.
Step-by-Step Guide for Remediation
To enable EBS optimization for an EC2 instance, follow these steps:
- 1.
Navigate to EC2 Dashboard: Log in to the AWS Management Console and navigate to the EC2 Dashboard.
- 2.
Select EC2 Instance: From the list of EC2 instances, select the instance for which you want to enable EBS optimization.
- 3.
Enable EBS Optimization: Right-click on the selected instance and choose "Modify Instance" from the context menu. Alternatively, you can also click on the "Actions" button and select "Modify Instance" from the drop-down menu.
- 4.
Enable EBS optimization: In the "Modify Instance" window, scroll down to the "EBS Optimization" section and check the box next to "Enable".
- 5.
Save Changes: Click on the "Apply" or "Save" button to save the changes to the instance configuration.
- 6.
Verify EBS Optimization: Once the changes are saved, the instance status will transition to "modifying". After a few moments, the instance status should return to "running".
- 7.
Verify EBS Optimization Status: To verify that EBS optimization is enabled for the instance, select the instance and check the "EBS-Optimized" attribute. It should now display "True".
- 8.
Test Performance: Run performance tests or benchmarks on your EC2 instance to ensure that the provisioned EBS volumes are delivering the desired performance.
By following these steps, you will enable EBS optimization for the specified EC2 instance, satisfying the requirements of FedRAMP Low Revision 4.