This rule ensures all EC2 instances are deployed within a Virtual Private Cloud (VPC) for better security and network control.
| Field | Value |
|---|---|
| Rule | EC2 instances should be in a VPC |
| Framework | NIST 800-171 Revision 2 |
| Severity | ✔ High |
Rule Description:
To comply with the National Institute of Standards and Technology (NIST) 800-171 Revision 2 guidelines, all EC2 instances should be deployed within a Virtual Private Cloud (VPC) on the AWS platform. A VPC is a logically isolated section of the AWS cloud in which you launch resources into a virtual network whose address ranges, route tables, subnets, and network access controls you define. Deploying EC2 instances only within a VPC adds a layer of network isolation and control to the infrastructure, reducing the attack surface and helping protect sensitive data.
Troubleshooting Steps:
If you encounter any issues or instances are not deployed within a VPC, follow these troubleshooting steps:
1. Determine whether the instance is in a VPC:
2. Associate EC2 instance with a VPC:
Necessary Codes:
There are no specific codes required for this rule. However, you may need the AWS CLI or an AWS SDK to inspect and modify EC2 instances, VPCs, and their associated resources during troubleshooting and remediation.
Step-by-Step Guide for Remediation:
Follow the step-by-step guide to ensure EC2 instances are appropriately deployed within a VPC:
1. Create a VPC:
2. Create Subnets:
3. Launch EC2 instance within the VPC:
4. Verify VPC association:
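The following is an added example, not code from the original rule page or from AWS, that implements both the troubleshooting check ("Determine whether the instance is in a VPC") and remediation step 4 ("Verify VPC association") as offline evaluation of the JSON returned by `aws ec2 describe-instances` (or boto3's `describe_instances`). The instance and VPC identifiers in the sample payload are constructed for illustration. One caveat for practitioners: AWS retired EC2-Classic in 2022 and new accounts have been VPC-only since 2013, so an instance description with no `VpcId` should be treated as a finding to investigate rather than as an expected legacy case.

```python
"""Compliance check: flag EC2 instances that are not attached to a VPC.

Added example (not part of the original rule page). It evaluates the
response shape of `aws ec2 describe-instances`, so the same logic can be
pointed at real output, e.g.:

    aws ec2 describe-instances --output json > instances.json

The equivalent one-liner for the troubleshooting step is the JMESPath query
    aws ec2 describe-instances \
        --query 'Reservations[].Instances[?VpcId==`null`].InstanceId' \
        --output text
This Python version additionally treats an empty VpcId string as missing.
"""
import json

# Constructed sample modelled on the describe-instances response shape.
# The identifiers are placeholders, not real resources.
SAMPLE_DESCRIBE_INSTANCES = json.dumps({
    "Reservations": [
        {"Instances": [
            {"InstanceId": "i-0aaa111example", "State": {"Name": "running"},
             "VpcId": "vpc-0123example", "SubnetId": "subnet-0123example"},
            # Instance with no VpcId key at all: a finding.
            {"InstanceId": "i-0bbb222example", "State": {"Name": "running"}},
        ]},
        {"Instances": [
            # Instance with an empty VpcId: also a finding.
            {"InstanceId": "i-0ccc333example", "State": {"Name": "stopped"},
             "VpcId": "", "SubnetId": ""},
        ]},
    ]
})


def _iter_instances(describe_output: str):
    """Yield every instance dict from a describe-instances JSON document."""
    payload = json.loads(describe_output)
    for reservation in payload.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            yield inst


def instances_without_vpc(describe_output: str) -> list:
    """Troubleshooting step 1: return IDs of instances with no usable VpcId."""
    return [
        inst["InstanceId"]
        for inst in _iter_instances(describe_output)
        if not inst.get("VpcId")
    ]


def evaluate(describe_output: str) -> dict:
    """Map each InstanceId to 'ok' (in a VPC) or 'alarm' (not in a VPC).

    'alarm' mirrors the rule's High severity: each alarmed instance is a
    control failure under this NIST 800-171 mapping.
    """
    return {
        inst["InstanceId"]: "ok" if inst.get("VpcId") else "alarm"
        for inst in _iter_instances(describe_output)
    }


def verify_instance_in_vpc(describe_output: str, instance_id: str,
                           expected_vpc_id: str) -> bool:
    """Remediation step 4: confirm a specific instance landed in the intended VPC.

    Returns False if the instance is absent, has no VpcId, or sits in a
    different VPC than the one created during remediation.
    """
    for inst in _iter_instances(describe_output):
        if inst.get("InstanceId") == instance_id:
            return bool(inst.get("VpcId")) and inst["VpcId"] == expected_vpc_id
    return False


if __name__ == "__main__":
    for instance_id, status in evaluate(SAMPLE_DESCRIBE_INSTANCES).items():
        print(f"{instance_id}: {status}")
    print("Not in a VPC:", instances_without_vpc(SAMPLE_DESCRIBE_INSTANCES))
```

Running the script against real output, the `alarm` entries are the instances to remediate with steps 1 to 3 above; `verify_instance_in_vpc` is then called with the new instance ID and the VPC ID created in step 1 to close the loop on step 4.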
By following these steps, you can ensure that your EC2 instances are deployed within a VPC and therefore compliant with this NIST 800-171 Revision 2 control. Being inside a VPC is only the baseline: review and update your security group rules and network ACLs as needed so that they align with your specific security requirements.