Rule: EC2 Instances Should Have IAM Profile Attached

This rule ensures that all EC2 instances have the necessary IAM profile attached for security compliance.

Rule: EC2 instances should have IAM profile attached
Framework: GxP 21 CFR Part 11
Severity: Medium

Rule Description:

To comply with GxP (Good x Practice) 21 CFR Part 11, an IAM (Identity and Access Management) profile must be attached to each EC2 instance in AWS (Amazon Web Services). This ensures that proper security controls are in place for compliance with GxP regulations.

Troubleshooting Steps:

If you encounter any issues while implementing this rule, you can follow these troubleshooting steps:

  1. Verify IAM permissions: Ensure that the IAM user or role you are using has the necessary permissions to assign IAM profiles to EC2 instances.

  2. Check EC2 instance metadata: Validate that the EC2 instance has the correct IAM profile assigned by checking its metadata. You can use the AWS CLI or AWS Management Console to view the instance details.

  3. Review IAM policy: Double-check the attached IAM policy to ensure it aligns with the specific requirements of GxP 21 CFR Part 11. Make any necessary updates to the policy if it is found to be insufficient or non-compliant.

  4. Confirm instance connectivity: Ensure the EC2 instance has proper connectivity to AWS services to fetch the IAM profile information. Troubleshoot any network or security group issues that might be blocking the connection.

Necessary Codes:

If you need to implement the rule programmatically, here is a sample AWS CLI command to attach an IAM profile to an existing EC2 instance:

aws ec2 associate-iam-instance-profile --instance-id <your-instance-id> --iam-instance-profile Name=<profile-name>

Replace <your-instance-id> with the actual EC2 instance ID and <profile-name> with the desired IAM profile name. This command will associate the specified IAM profile to the given EC2 instance.
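To find which instances still need the command above, this added example (not part of the original page) parses the JSON printed by `aws ec2 describe-instances` and lists live instances that have no `IamInstanceProfile`, then builds the associate command for each. The instance IDs, account number and the profile name `example-profile` are constructed sample values.

```python
import json
import shlex

# Constructed sample shaped like `aws ec2 describe-instances` output.
SAMPLE = json.loads("""
{"Reservations": [
  {"Instances": [
    {"InstanceId": "i-0aaa1111bbbb2222c", "State": {"Name": "running"},
     "IamInstanceProfile": {"Arn": "arn:aws:iam::123456789012:instance-profile/app-profile"}},
    {"InstanceId": "i-0ddd3333eeee4444f", "State": {"Name": "running"}}]},
  {"Instances": [
    {"InstanceId": "i-0123456789abcdef0", "State": {"Name": "stopped"}},
    {"InstanceId": "i-0fedcba9876543210", "State": {"Name": "terminated"}}]}
]}
""")

# Instances that are going away cannot take a profile, so they are not findings.
IGNORED_STATES = {"terminated", "shutting-down"}


def instances_without_profile(describe_output):
    """Return (instance_id, state) for every live instance lacking a profile."""
    findings = []
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            state = inst.get("State", {}).get("Name", "unknown")
            if state in IGNORED_STATES:
                continue
            # The IamInstanceProfile key is absent when nothing is associated.
            if not inst.get("IamInstanceProfile", {}).get("Arn"):
                findings.append((inst["InstanceId"], state))
    return findings


def remediation_commands(findings, profile_name):
    """Build the page's associate command for each finding (nothing is executed)."""
    return [
        "aws ec2 associate-iam-instance-profile "
        f"--instance-id {shlex.quote(iid)} "
        f"--iam-instance-profile Name={shlex.quote(profile_name)}"
        for iid, _state in findings
    ]


if __name__ == "__main__":
    missing = instances_without_profile(SAMPLE)
    for iid, state in missing:
        print(f"NON-COMPLIANT {iid} ({state}): no IAM instance profile")
    print("\n".join(remediation_commands(missing, "example-profile")))  # hypothetical name
```

To run it against a real account, replace `SAMPLE` with the parsed output of `aws ec2 describe-instances --output json`.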

Step-by-Step Guide for Remediation:

Please follow the steps below to attach an IAM profile to an EC2 instance:

  1. Log in to your AWS Management Console.

  2. Navigate to the EC2 service.

  3. Select the EC2 instance to which you want to attach an IAM profile.

  4. Click on the "Actions" dropdown menu and choose "Instance Settings" > "Attach/Replace IAM Role".

  5. In the "Attach/Replace IAM Role" dialog box, select the desired IAM profile from the dropdown list.

  6. Click "Apply" to attach the IAM profile to the instance.

  7. Monitor the instance to ensure successful attachment of the IAM profile.

Conclusion:

By following the rule of attaching an IAM profile to EC2 instances as per GxP 21 CFR Part 11 regulations, your infrastructure will be compliant with the necessary security controls. Troubleshooting steps and necessary codes are provided to assist in the implementation of this rule.
