Rule: EC2 Instances Managed by AWS Systems Manager

Ensure all EC2 instances are managed by AWS Systems Manager for better security and compliance.

Rule: EC2 instances should be managed by AWS Systems Manager
Framework: GxP 21 CFR Part 11
Severity: High

Description

This rule/policy ensures that all EC2 instances are managed and monitored by AWS Systems Manager to comply with the requirements of GxP 21 CFR Part 11. GxP (Good Practice) refers to a set of regulations and guidelines for industries that are subject to regulatory compliance, such as pharmaceutical, biotechnology, and medical device manufacturers. 21 CFR Part 11 specifically covers electronic records and signatures.

By managing EC2 instances using AWS Systems Manager, organizations can maintain proper control, security, and auditing of their infrastructure to meet the regulatory requirements of GxP 21 CFR Part 11.

Troubleshooting Steps

If there are any issues encountered while managing EC2 instances with AWS Systems Manager for GxP 21 CFR Part 11 compliance, follow these troubleshooting steps:

  1. Verify IAM Permissions: Ensure that the IAM (Identity and Access Management) policies associated with the user or role have necessary permissions to access AWS Systems Manager features and EC2 instances.

  2. Check EC2 Instance Status: Ensure that the EC2 instances are running and accessible. Verify that the instances are launched in the correct region and have the necessary network connectivity.

  3. Review Systems Manager Configuration: Verify that Systems Manager is correctly configured in the AWS Management Console. Check if the required features like State Manager, Patch Manager, and Session Manager are enabled.

  4. Validate Compliance Roles: Ensure that the required compliance roles are properly assigned and associated with the EC2 instances. These roles enable Systems Manager to manage, monitor, and perform necessary actions on the instances.

  5. Check System Logs: Review the EC2 instance's system logs, including cloud-init logs, application logs, and Systems Manager logs, for any errors or warnings related to the Systems Manager integration.

  6. Validate GxP Compliance Documentation: Ensure that all necessary documentation and controls required by GxP 21 CFR Part 11 compliance are correctly implemented.

Necessary Codes

There are no specific codes required for this rule. However, the following AWS CLI commands can be useful for managing EC2 instances with AWS Systems Manager:

  1. Register an EC2 instance with AWS Systems Manager:

       aws ssm create-association --name "AWS-GxP-Association" --instance-id "instance-id"

  2. Retrieve information about registered EC2 instances:

       aws ssm describe-instance-information

  3. Start a Systems Manager session with an EC2 instance:

       aws ssm start-session --target "instance-id"

  4. Install Systems Manager Agent (SSM Agent) on an EC2 instance:

       aws ssm send-command --document-name "AWS-ConfigureAWSPackage" --document-version "1" --targets "Key=InstanceIds,Values=instance-id"

Note: Replace "instance-id" with the actual ID of the EC2 instance.
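
To see which instances actually violate this rule, the output of aws ssm describe-instance-information can be compared against aws ec2 describe-instances. The Python below is an added example, not CloudDefense or AWS code; the function name find_unmanaged is hypothetical and both JSON samples are constructed, trimmed to the fields the check reads.

```python
import json

# Constructed sample of `aws ec2 describe-instances` output (only the fields used here).
EC2_JSON = """
{"Reservations": [
  {"Instances": [
    {"InstanceId": "i-0aaa0000000000001", "State": {"Name": "running"},
     "IamInstanceProfile": {"Arn": "arn:aws:iam::111122223333:instance-profile/ssm-core"}},
    {"InstanceId": "i-0aaa0000000000002", "State": {"Name": "running"}}]},
  {"Instances": [
    {"InstanceId": "i-0aaa0000000000003", "State": {"Name": "running"},
     "IamInstanceProfile": {"Arn": "arn:aws:iam::111122223333:instance-profile/ssm-core"}},
    {"InstanceId": "i-0aaa0000000000004", "State": {"Name": "stopped"}}]}
]}
"""

# Constructed sample of `aws ssm describe-instance-information` output.
SSM_JSON = """
{"InstanceInformationList": [
  {"InstanceId": "i-0aaa0000000000001", "PingStatus": "Online", "ResourceType": "EC2Instance"},
  {"InstanceId": "i-0aaa0000000000003", "PingStatus": "ConnectionLost", "ResourceType": "EC2Instance"}
]}
"""

def find_unmanaged(ec2_doc, ssm_doc):
    """Return {instance_id: reason} for running instances that fail the rule."""
    # Map every instance known to Systems Manager to its last reported ping status.
    ping = {i["InstanceId"]: i.get("PingStatus", "Unknown")
            for i in ssm_doc.get("InstanceInformationList", [])}
    findings = {}
    for reservation in ec2_doc.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") != "running":
                continue  # stopped or terminated instances cannot report to SSM
            iid = inst["InstanceId"]
            if iid not in ping:
                # Never registered: a missing instance profile is the first thing to rule out.
                if "IamInstanceProfile" not in inst:
                    findings[iid] = "not registered; no instance profile attached"
                else:
                    findings[iid] = "not registered; check SSM Agent and network path"
            elif ping[iid] != "Online":
                findings[iid] = f"registered but PingStatus={ping[iid]}"
    return findings

if __name__ == "__main__":
    for iid, reason in find_unmanaged(json.loads(EC2_JSON), json.loads(SSM_JSON)).items():
        print(f"NON_COMPLIANT {iid}: {reason}")
```

Against a real account, feed the function the parsed JSON from the two CLI commands run in the same region; a paginated account needs all pages merged first.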

Step-by-Step Guide for Remediation

To ensure EC2 instances are managed by AWS Systems Manager for GxP 21 CFR Part 11 compliance, follow these steps:

  1. Log in to the AWS Management Console.

  2. Navigate to the EC2 service.

  3. Select the EC2 instance that needs to be managed by Systems Manager.

  4. Ensure that the EC2 instance is in a running state and accessible.

  5. Go to the "Actions" dropdown menu and choose "Manage Systems Manager" under the "Instance Settings" section.

  6. In the Systems Manager page, click on the "Register" button to register the EC2 instance with Systems Manager.

  7. Review the Systems Manager configuration and make sure that necessary features like State Manager, Patch Manager, and Session Manager are enabled.

  8. Confirm that the required compliance roles, such as AmazonSSMManagedInstanceCore and AmazonSSMDirectoryServiceAccess, are properly assigned and associated with the EC2 instance.

  9. Validate the GxP compliance documentation and controls, ensuring they are in place to comply with 21 CFR Part 11 requirements.

  10. Save the changes and wait for Systems Manager to configure the EC2 instance.

  11. If troubleshooting is required, follow the troubleshooting steps mentioned earlier in this document.

By following these steps, EC2 instances will be managed and monitored by AWS Systems Manager to comply with GxP 21 CFR Part 11 regulations.
