
Ensuring Rule Compliance: EC2 Instances Managed by AWS Systems Manager

Learn how to comply with the rule ensuring EC2 instances are managed by AWS Systems Manager.

Rule: EC2 instances should be managed by AWS Systems Manager
Framework: NIST 800-171 Revision 2
Severity: High

Rule Description

EC2 instances should be managed by AWS Systems Manager for NIST 800-171 Revision 2.

AWS Systems Manager is a service provided by Amazon Web Services (AWS) that allows users to manage and configure both EC2 instances and on-premises systems. By utilizing AWS Systems Manager, organizations can ensure that their EC2 instances are secure and compliant with the NIST 800-171 Revision 2 guidelines.

Troubleshooting Steps (if applicable)

If the EC2 instances are not managed by AWS Systems Manager, work through the following troubleshooting steps:

  1. Validate that the EC2 instances in question are not already managed by AWS Systems Manager by checking the Systems Manager console or by using AWS CLI commands.

  2. Ensure that the EC2 instances have the necessary IAM roles and permissions to be managed by AWS Systems Manager. This includes allowing the EC2 instances to communicate with the Systems Manager service and access the required resources.

  3. Verify that the Systems Manager Agent is installed and running on each EC2 instance. The agent is responsible for enabling communication between the EC2 instance and AWS Systems Manager.

If any of the above steps indicate that the EC2 instances are not managed by AWS Systems Manager, you can proceed with the remediation steps below.
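The check in troubleshooting step 1 can be automated by comparing the running instances EC2 reports against the instances Systems Manager has inventoried. The script below is an added example, not Cloud Defense's or AWS's own tooling; the sample API responses are constructed, the account ID and instance IDs are placeholders, and `main()` assumes boto3 is installed with credentials that can call `ec2:DescribeInstances` and `ssm:DescribeInstanceInformation`.

```python
def find_unmanaged_instances(ec2_reservations, ssm_instance_info):
    """Return sorted (instance_id, reason) pairs for running EC2 instances
    that SSM does not manage. Inputs are the "Reservations" list from
    ec2 describe-instances and the "InstanceInformationList" from
    ssm describe-instance-information. Managed means SSM lists the
    instance with PingStatus "Online"; anything else is a finding."""
    ssm_status = {i["InstanceId"]: i.get("PingStatus", "Unknown")
                  for i in ssm_instance_info}
    findings = []
    for reservation in ec2_reservations:
        for inst in reservation["Instances"]:
            if inst["State"]["Name"] != "running":
                continue  # stopped or terminated instances cannot check in
            iid = inst["InstanceId"]
            if iid not in ssm_status:
                reason = "not registered with SSM"
                if "IamInstanceProfile" not in inst:
                    reason += " (no IAM instance profile attached)"
                findings.append((iid, reason))
            elif ssm_status[iid] != "Online":
                findings.append((iid, f"SSM ping status {ssm_status[iid]}"))
    return sorted(findings)

# Constructed sample data mirroring the two API response shapes.
PROFILE = {"Arn": "arn:aws:iam::111122223333:instance-profile/ssm-role"}
SAMPLE_RESERVATIONS = [{"Instances": [
    {"InstanceId": "i-0aaa", "State": {"Name": "running"}, "IamInstanceProfile": PROFILE},
    {"InstanceId": "i-0bbb", "State": {"Name": "running"}},  # no role, never registered
    {"InstanceId": "i-0ccc", "State": {"Name": "running"}, "IamInstanceProfile": PROFILE},
    {"InstanceId": "i-0ddd", "State": {"Name": "stopped"}},
]}]
SAMPLE_SSM_INFO = [
    {"InstanceId": "i-0aaa", "PingStatus": "Online"},
    {"InstanceId": "i-0ccc", "PingStatus": "ConnectionLost"},  # agent stopped or blocked
]

def main():
    """Run the check against a real account (needs credentials and network)."""
    import boto3  # assumed available; not needed for the offline function above
    ec2, ssm = boto3.client("ec2"), boto3.client("ssm")
    reservations, info = [], []
    for page in ec2.get_paginator("describe_instances").paginate():
        reservations.extend(page["Reservations"])
    for page in ssm.get_paginator("describe_instance_information").paginate():
        info.extend(page["InstanceInformationList"])
    for iid, reason in find_unmanaged_instances(reservations, info):
        print(f"{iid}: {reason}")

if __name__ == "__main__":
    main()
```

On the sample data the function reports i-0bbb (never registered, no instance profile) and i-0ccc (registered but not Online), which map to remediation steps 1-2 and steps 3-4 respectively; re-running it after remediation should return an empty list.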

Remediation Steps

To manage EC2 instances using AWS Systems Manager for NIST 800-171 Revision 2 compliance, you can follow these step-by-step instructions:

  1. Create an IAM Role for Systems Manager:

    • Log in to the AWS Management Console.
    • Navigate to the IAM service.
    • Click on "Roles" in the left sidebar.
    • Click on "Create role".
    • Select "AWS service" as the type of trusted entity.
    • Choose "Systems Manager" as the service that will use this role.
    • Proceed with the role creation, ensuring that the required policies and permissions are attached to the role.

  2. Attach the IAM Role to EC2 Instances:

    • In the AWS Management Console, navigate to the EC2 service.
    • Select the EC2 instances that you want to manage with Systems Manager.
    • Right-click on the instances and choose "Instance Settings".
    • Select "Attach/Replace IAM Role" from the dropdown menu.
    • Choose the IAM role created in step 1 and click on "Apply".

  3. Install and Configure Systems Manager Agent:

    • Connect to the EC2 instances that you want to manage using SSH or other remote access methods.
    • Execute the following commands to download and install the Systems Manager Agent:
      wget https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
      sudo yum install -y amazon-ssm-agent.rpm
    • Edit the Systems Manager Agent configuration file at /etc/amazon/ssm/amazon-ssm-agent.json to ensure it includes the necessary configuration settings.

  4. Verify and Monitor Systems Manager Agent:

    • Run the following command to start the Systems Manager Agent:
      sudo systemctl start amazon-ssm-agent
    • Monitor the Systems Manager Agent logs at /var/log/amazon/ssm/amazon-ssm-agent.log to ensure successful communication with AWS Systems Manager.

By following the above steps, you can effectively manage your EC2 instances using AWS Systems Manager to comply with the NIST 800-171 Revision 2 guidelines.
