This rule ensures all EC2 instances are located within a Virtual Private Cloud (VPC) for enhanced security and network isolation.
Rule: EC2 instances should be in a VPC
Framework: FedRAMP Moderate Revision 4
Severity: High
Rule Description:
All EC2 instances used within the AWS environment must be deployed within a Virtual Private Cloud (VPC) to comply with the FedRAMP Moderate Revision 4 security requirements. A VPC provides logical isolation for your cloud resources and enables you to define network settings, including IP address ranges, subnets, route tables, and network gateways.
Possible Issues:
1. EC2 instances are not deployed within a VPC.
2. EC2 instances are deployed in an incorrect or unsupported VPC configuration.
3. Existing EC2 instances need to be migrated to a VPC.
Troubleshooting Steps:
1. Confirm VPC Configuration:
   Verify whether the EC2 instances are already deployed within a VPC.
   Access the AWS Management Console and navigate to the EC2 service.
   Check the "Instances" section and confirm that each instance is associated with a VPC ID.
2. Create a VPC:
   If no VPC exists, create one by following these steps:
   Access the AWS Management Console and navigate to the VPC service.
   Click on "Create VPC" and provide the necessary details, such as name, IP address range, and subnets.
   Configure additional settings, like route tables and security groups, according to your requirements.
3. Migrate Existing Instances to a VPC:
   If there are EC2 instances running outside a VPC that need to be migrated, follow these steps:
   Launch a new EC2 instance within the desired VPC.
   Set up appropriate security groups and network settings for the new instance.
   Create an AMI (Amazon Machine Image) of the existing EC2 instance that needs to be migrated.
   Use the AMI to launch a new EC2 instance within the VPC.
   Verify the functionality of the new instance and ensure it meets all necessary requirements.
   Terminate the old EC2 instance outside the VPC once the migration is successful.
Additional Configuration:
In some cases, specific network configurations may be required by the FedRAMP Moderate Revision 4 guidelines. Ensure the following requirements are met:
1. Subnet Configuration:
   Subnets should be configured with appropriate IP address ranges.
   Public and private subnets should be used based on the requirements of the EC2 instances.
2. Security Group Configuration:
   Configure security groups to control inbound and outbound traffic to and from the EC2 instances.
   Follow the principle of least privilege when defining security group rules.
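The following script is an added example, not part of this rule page or of any AWS tooling. It automates the two checks described above: troubleshooting step 1 (is each instance associated with a VPC ID?) and the least-privilege guidance for security groups (does any group attached to an instance allow ingress from 0.0.0.0/0 or ::/0?). It works on the JSON shape returned by `aws ec2 describe-instances` and `aws ec2 describe-security-groups`; the instance IDs, VPC IDs, group IDs and rules are constructed sample data, and `fetch_live` assumes boto3 is installed and credentials are configured.

```python
"""Added example: evaluate EC2 instances against the "instances should be in a VPC"
rule and the least-privilege security group guidance, using the JSON shape of
`aws ec2 describe-instances` and `aws ec2 describe-security-groups`."""
from __future__ import annotations

# Constructed sample in the shape of `aws ec2 describe-instances` output.
SAMPLE_INSTANCES = {
    "Reservations": [
        {"Instances": [
            {"InstanceId": "i-0aaa111", "State": {"Name": "running"},
             "VpcId": "vpc-0123", "SubnetId": "subnet-0123",
             "SecurityGroups": [{"GroupId": "sg-web"}]},
            {"InstanceId": "i-0bbb222", "State": {"Name": "running"},
             "SecurityGroups": [{"GroupId": "sg-classic"}]},   # no VpcId key
            {"InstanceId": "i-0ccc333", "State": {"Name": "stopped"},
             "VpcId": "vpc-0123", "SubnetId": "subnet-0456",
             "SecurityGroups": [{"GroupId": "sg-open"}]},
        ]}
    ]
}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE_SECURITY_GROUPS = {
    "SecurityGroups": [
        {"GroupId": "sg-web", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
        {"GroupId": "sg-open", "IpPermissions": [
            {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
             "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    ]
}


def instances_outside_vpc(describe_instances: dict) -> list[str]:
    """Return IDs of instances that carry no VpcId: the rule's non-compliant case."""
    out = []
    for reservation in describe_instances.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if not inst.get("VpcId"):
                out.append(inst["InstanceId"])
    return out


def world_open_ingress(describe_sgs: dict) -> dict[str, list[str]]:
    """Map security group ID -> ingress rules open to 0.0.0.0/0 or ::/0."""
    findings: dict[str, list[str]] = {}
    for sg in describe_sgs.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            if any(c in ("0.0.0.0/0", "::/0") for c in cidrs):
                proto = perm.get("IpProtocol", "-1")
                ports = "all" if proto == "-1" else f"{perm.get('FromPort')}-{perm.get('ToPort')}"
                findings.setdefault(sg["GroupId"], []).append(f"{proto}/{ports}")
    return findings


def evaluate(describe_instances: dict, describe_sgs: dict) -> dict[str, list[str]]:
    """Per-instance findings: outside a VPC, or an attached group open to the world."""
    open_sgs = world_open_ingress(describe_sgs)
    outside = set(instances_outside_vpc(describe_instances))
    report: dict[str, list[str]] = {}
    for reservation in describe_instances.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            iid = inst["InstanceId"]
            issues = []
            if iid in outside:
                issues.append("not in a VPC")
            for sg in inst.get("SecurityGroups", []):
                for rule in open_sgs.get(sg["GroupId"], []):
                    issues.append(f"{sg['GroupId']} allows world ingress {rule}")
            if issues:
                report[iid] = issues
    return report


def fetch_live(region: str) -> tuple[dict, dict]:
    """Pull real data with boto3 (assumed installed, with credentials configured)."""
    import boto3  # imported lazily so the evaluation logic above runs offline
    ec2 = boto3.client("ec2", region_name=region)
    instances: dict = {"Reservations": []}
    for page in ec2.get_paginator("describe_instances").paginate():
        instances["Reservations"].extend(page["Reservations"])
    sgs: dict = {"SecurityGroups": []}
    for page in ec2.get_paginator("describe_security_groups").paginate():
        sgs["SecurityGroups"].extend(page["SecurityGroups"])
    return instances, sgs


if __name__ == "__main__":
    # Swap in fetch_live("us-east-1") to run against a real account.
    for iid, issues in evaluate(SAMPLE_INSTANCES, SAMPLE_SECURITY_GROUPS).items():
        print(iid, "->", "; ".join(issues))
```

On the sample data the report flags i-0bbb222 for having no VPC and i-0ccc333 for sg-open, which admits all protocols from any address. Since AWS retired EC2-Classic in 2022, the first finding should be empty in current accounts; keeping the check in place is still how the control is evidenced, and the security group check is where ongoing drift is usually found.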
Relevant CLI Commands:
AWS CLI commands can be used to create a VPC, migrate instances, and configure associated resources. Here are some examples: