This rule ensures all EC2 instances are located within a Virtual Private Cloud (VPC) for enhanced security and network isolation.
Rule | EC2 instances should be in a VPC
Framework | FedRAMP Moderate Revision 4
Severity | High
Rule Description:
All EC2 instances used within the AWS environment must be deployed within a Virtual Private Cloud (VPC) to comply with the FedRAMP Moderate Revision 4 security requirements. A VPC provides logical isolation for your cloud resources and lets you define the network boundary yourself: IP address ranges, subnets, route tables, network gateways, and the security groups and network ACLs that filter traffic to and from instances. An instance that reports no VpcId was launched on the legacy EC2-Classic platform, which shares a flat network with other customers and offers none of this isolation; EC2-Classic has been retired and accounts created since December 2013 are VPC-only, so a finding from this rule points at a legacy account whose remaining instances must be relaunched inside a VPC.
Possible Issues:
Troubleshooting Steps:
Confirm VPC Configuration:
Create a VPC:
Migrate Existing Instances to a VPC:
Additional Configuration:
In some cases, specific network configurations may be required by the FedRAMP Moderate Revision 4 guidelines. Ensure the following requirements are met:
Subnet Configuration:
Security Group Configuration:
Relevant CLI Commands:
AWS CLI commands can be used to create a VPC, launch instances into it, and configure associated resources. Note that a running instance cannot be moved between networks: "migrating" an instance means creating an AMI from it, launching a replacement from that AMI with run-instances into a subnet of the target VPC, and then terminating the original. Here are some examples:
aws ec2 create-vpc --cidr-block <VPC_CIDR_BLOCK>
aws ec2 run-instances --image-id <AMI_ID> --instance-type <INSTANCE_TYPE> --subnet-id <SUBNET_ID> --security-group-ids <SECURITY_GROUP_ID>
aws ec2 create-security-group --group-name <SECURITY_GROUP_NAME> --description "<DESCRIPTION>" --vpc-id <VPC_ID>
Note: Replace the placeholders (in angled brackets) with actual values specific to your environment.
Remediation Steps:
Ensure all EC2 instances are within a VPC:
Create a VPC (if not already created):
Migrate instances to the VPC:
Configure additional VPC resources (if applicable):
Regularly review and update VPC configurations as needed to maintain compliance with FedRAMP guidelines.
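The audit below implements the "Confirm VPC Configuration" check and the "Ensure all EC2 instances are within a VPC" remediation step as offline detection logic. It is an added example, not code from the original page or from any AWS tool. It consumes the JSON that `aws ec2 describe-instances --output json` and `aws ec2 describe-security-groups --output json` produce; the two documents embedded in the script are constructed samples with placeholder IDs, and the function names (`audit`, `security_group_findings`) are this example's own. For a quick one-liner against a live account, the equivalent JMESPath filter is `aws ec2 describe-instances --query 'Reservations[].Instances[?!VpcId].InstanceId' --output text`.

```python
"""Audit EC2 instances for VPC placement (rule: EC2 instances should be in a VPC).

Added example, not part of the original page. Input is the JSON printed by
`aws ec2 describe-instances` / `aws ec2 describe-security-groups`; the samples
below are constructed so the script runs offline.
"""
import json

# Constructed sample of `aws ec2 describe-instances --output json`.
# i-0aaa... is a compliant VPC instance; i-0bbb... has no VpcId/SubnetId
# (EC2-Classic style); i-0ccc... is terminated and holds no network placement.
SAMPLE_DESCRIBE_INSTANCES = json.dumps({
    "Reservations": [
        {"Instances": [
            {"InstanceId": "i-0aaa111122223333a",
             "VpcId": "vpc-0123456789abcdef0",
             "SubnetId": "subnet-0123456789abcdef0",
             "SecurityGroups": [{"GroupId": "sg-0123456789abcdef0", "GroupName": "app"}],
             "State": {"Name": "running"}},
            {"InstanceId": "i-0bbb111122223333b",
             "SecurityGroups": [{"GroupId": "sg-classic", "GroupName": "default"}],
             "State": {"Name": "running"}},
        ]},
        {"Instances": [
            {"InstanceId": "i-0ccc111122223333c", "State": {"Name": "terminated"}},
        ]},
    ]
})

# Constructed sample of `aws ec2 describe-security-groups --output json`.
# A VPC security group carries a VpcId; an EC2-Classic group does not.
SAMPLE_DESCRIBE_SECURITY_GROUPS = json.dumps({
    "SecurityGroups": [
        {"GroupId": "sg-0123456789abcdef0", "GroupName": "app",
         "VpcId": "vpc-0123456789abcdef0"},
        {"GroupId": "sg-classic", "GroupName": "default"},
    ]
})


def iter_instances(describe_output):
    """Flatten Reservations[].Instances[] from describe-instances JSON (str or dict)."""
    data = json.loads(describe_output) if isinstance(describe_output, str) else describe_output
    for reservation in data.get("Reservations", []):
        for instance in reservation.get("Instances", []):
            yield instance


def evaluate_instance(instance):
    """Return (status, reason) for one instance; FAIL means it is not in a VPC."""
    if instance.get("State", {}).get("Name") == "terminated":
        return "SKIP", "instance terminated"
    if not instance.get("VpcId"):
        return "FAIL", "no VpcId: instance is not in a VPC"
    if not instance.get("SubnetId"):
        return "FAIL", "VpcId present but no SubnetId"
    return "PASS", f"in {instance['VpcId']} / {instance['SubnetId']}"


def audit(describe_output):
    """Group (InstanceId, reason) pairs under PASS / FAIL / SKIP."""
    results = {"PASS": [], "FAIL": [], "SKIP": []}
    for inst in iter_instances(describe_output):
        status, reason = evaluate_instance(inst)
        results[status].append((inst["InstanceId"], reason))
    return results


def noncompliant_ids(describe_output):
    """Instance IDs that must be relaunched inside a VPC."""
    return [iid for iid, _ in audit(describe_output)["FAIL"]]


def security_group_findings(describe_instances, describe_sgs):
    """Flag security groups attached to live instances that are not VPC groups
    of the instance's own VPC (the 'Security Group Configuration' check)."""
    sgs = json.loads(describe_sgs) if isinstance(describe_sgs, str) else describe_sgs
    groups = {g["GroupId"]: g for g in sgs.get("SecurityGroups", [])}
    findings = []
    for inst in iter_instances(describe_instances):
        if inst.get("State", {}).get("Name") == "terminated":
            continue
        for ref in inst.get("SecurityGroups", []):
            gid = ref["GroupId"]
            group = groups.get(gid)
            if group is None:
                findings.append((inst["InstanceId"], gid, "group not found"))
            elif not group.get("VpcId"):
                findings.append((inst["InstanceId"], gid, "group is not a VPC security group"))
            elif group["VpcId"] != inst.get("VpcId"):
                findings.append((inst["InstanceId"], gid, "group belongs to a different VPC"))
    return findings


if __name__ == "__main__":
    for status, rows in audit(SAMPLE_DESCRIBE_INSTANCES).items():
        for iid, reason in rows:
            print(f"{status:4} {iid}  {reason}")
    for iid, gid, reason in security_group_findings(SAMPLE_DESCRIBE_INSTANCES,
                                                    SAMPLE_DESCRIBE_SECURITY_GROUPS):
        print(f"SG   {iid}  {gid}: {reason}")
```

Terminated instances are skipped rather than failed because they no longer have a network placement and would otherwise generate noise in every run; every FAIL row is an instance to replace via AMI and run-instances into a VPC subnet, as described under Remediation Steps.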