
Rule: EC2 Instances Should Be in a VPC

This rule ensures all EC2 instances are deployed within a Virtual Private Cloud (VPC) for better security and network control.

Rule: EC2 instances should be in a VPC
Framework: NIST 800-171 Revision 2
Severity: High

Rule Description:

NIST 800-171 Revision 2 expects communications at external and key internal boundaries to be monitored and controlled, and publicly accessible components to sit on subnetworks that are separated from internal networks (controls 3.13.1 and 3.13.5 of the System and Communications Protection family). On AWS, a Virtual Private Cloud (VPC) is the construct that makes this possible: it is a logically isolated virtual network in which you define the IP address ranges, subnets, route tables, network ACLs and security groups that govern how an instance can be reached. An EC2 instance that is not in a VPC (an EC2-Classic instance) runs in a single flat network shared with other customers and can only be filtered with security groups; it cannot be placed in a private subnet or behind a network boundary you control. Deploying every EC2 instance inside a VPC is therefore a prerequisite for the segmentation and boundary protection the framework requires, and it reduces the exposure of sensitive data to the internet and to other tenants.

Troubleshooting Steps:

If an instance is reported as not being in a VPC, follow these troubleshooting steps:

1. Determine whether the instance is in a VPC:

  • In the EC2 console, open Instances and locate the instance in question. The "VPC ID" and "Subnet ID" columns show the VPC and subnet the instance is attached to; if both are empty, the instance is not in a VPC (it is an EC2-Classic instance).
  • From the AWS CLI, "aws ec2 describe-instances --instance-ids <instance-id>" returns the same information: a VPC instance has VpcId and SubnetId fields in its record, a non-VPC instance has neither.

2. Move the instance into a VPC:

  • An instance's VPC cannot be changed after launch. The console's "Actions" > "Networking" menu lets you change security groups, attach network interfaces and manage IP addresses, but there is no "Change VPC" action, and there is no API call for it either.
  • Create an image of the instance ("Actions" > "Image and templates" > "Create image"), then launch a new instance from that AMI into a subnet of the target VPC (see the remediation guide below).
  • Move whatever the old instance owned that the replacement needs: reassociate its Elastic IP, attach (or restore from snapshot) its EBS data volumes, and update DNS records and load balancer targets.
  • Once the replacement is verified, stop and then terminate the original instance so that it no longer appears as a finding.
  • EC2-Classic was retired on August 15, 2022, and accounts created after December 4, 2013 have always been VPC-only, so a finding today normally points at a legacy account or a stale inventory snapshot rather than at something a new launch could produce.

Necessary Codes:

There are no specific codes (configuration values or policy identifiers) required for this rule. You will, however, need the AWS CLI or an SDK to query instances for their VPC membership and to create the VPC, subnets and replacement instances described below.
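As a worked example of the check itself, the following script flags every instance whose describe-instances record carries no VpcId. It is added to this page and is not Cloud Defense's rule engine; find_instances_outside_vpc() works on the JSON shape that "aws ec2 describe-instances" and boto3's describe_instances return, so it runs offline against the constructed sample (the instance, VPC and subnet IDs are made up), while fetch_reservations() assumes boto3 and working AWS credentials.

```python
"""Audit EC2 instances for VPC membership.

Example code added to this page; it is not Cloud Defense's rule engine.
find_instances_outside_vpc() works on the JSON shape returned by
`aws ec2 describe-instances` (and boto3's describe_instances), so it runs
offline against a saved dump; fetch_reservations() assumes boto3 and
working AWS credentials.
"""
from typing import Iterable

# Equivalent one-liner from the CLI, for comparison (jq does the filtering):
#   aws ec2 describe-instances --output json \
#     | jq -r '.Reservations[].Instances[] | select(.VpcId == null) | .InstanceId'


def find_instances_outside_vpc(reservations: Iterable[dict]) -> list[dict]:
    """Return one finding per instance whose VpcId is missing or empty.

    An instance that is not in a VPC (an EC2-Classic instance) simply has
    no VpcId/SubnetId keys in its describe-instances record, which is why
    the check is "key absent or empty" rather than "key equals some value".
    Terminated instances are skipped: they cannot be remediated and drop
    out of the API response on their own after a while.
    """
    findings = []
    for reservation in reservations:
        for inst in reservation.get("Instances", []):
            state = inst.get("State", {}).get("Name", "unknown")
            if state == "terminated":
                continue
            if not inst.get("VpcId"):
                findings.append({
                    "InstanceId": inst["InstanceId"],
                    "State": state,
                    "AvailabilityZone": inst.get("Placement", {}).get("AvailabilityZone", ""),
                    "SubnetId": inst.get("SubnetId"),  # None for a non-VPC instance
                })
    return findings


def fetch_reservations(region_name: str) -> list[dict]:
    """Pull every reservation in a region with boto3 (paginated)."""
    import boto3  # assumption: boto3 is installed and credentials are configured
    paginator = boto3.client("ec2", region_name=region_name).get_paginator("describe_instances")
    return [r for page in paginator.paginate() for r in page["Reservations"]]


# Constructed sample mirroring describe-instances output; all IDs are made up.
SAMPLE_RESERVATIONS = [
    {"Instances": [
        {"InstanceId": "i-0aaa111aaa111aaa1", "State": {"Name": "running"},
         "VpcId": "vpc-0123456789abcdef0", "SubnetId": "subnet-0123456789abcdef0",
         "Placement": {"AvailabilityZone": "us-east-1a"}},
        {"InstanceId": "i-0bbb222bbb222bbb2", "State": {"Name": "running"},
         "Placement": {"AvailabilityZone": "us-east-1b"}},   # no VpcId: EC2-Classic
    ]},
    {"Instances": [
        {"InstanceId": "i-0ccc333ccc333ccc3", "State": {"Name": "terminated"}},  # skipped
    ]},
]


if __name__ == "__main__":
    import json
    for finding in find_instances_outside_vpc(SAMPLE_RESERVATIONS):
        print(json.dumps(finding))
    # Live run against an account:
    #   for f in find_instances_outside_vpc(fetch_reservations("us-east-1")): print(f)
```

Run it once per region, since describe-instances is regional; an instance with an empty SubnetId in the output is the one to rebuild from an AMI as described in the troubleshooting steps.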

Step-by-Step Guide for Remediation:

Follow the step-by-step guide to ensure EC2 instances are appropriately deployed within a VPC:

1. Create a VPC:

  • Open the AWS Management Console and navigate to the VPC dashboard.
  • Click on "Create VPC."
  • Provide a name and define the IP address range for the VPC.
  • Configure any additional settings as required and click "Create VPC."

2. Create Subnets:

  • Within the VPC dashboard, select "Subnets" from the sidebar.
  • Click on "Create subnet."
  • Provide a name for the subnet and select the VPC created in the previous step.
  • Define the IP address range for the subnet.
  • Configure any additional settings such as availability zone and click "Create subnet."

3. Launch EC2 instance within the VPC:

  • Navigate to the EC2 dashboard.
  • Click on "Launch Instance" to start the instance creation process.
  • Follow the instance creation wizard, selecting the appropriate AMI, instance type, and other configuration options.
  • In the "Network settings" section of the wizard (the "Configure Instance Details" page in the older wizard), select the VPC and subnet created earlier. The wizard always requires a subnet, so the point of this step is to pick the intended VPC rather than the account's default one.
  • Complete the instance setup and launch it within the chosen VPC.

4. Verify VPC association:

  • Once the instance is launched, navigate to the EC2 dashboard.
  • Locate the instance and verify that the "VPC ID" and "Subnet ID" columns show the desired VPC and subnet.
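The four remediation steps above, as an added example that is not part of the original page and not Cloud Defense's tooling: validate_layout() catches the mistakes AWS rejects when you type the IP ranges in steps 1 and 2 (a subnet outside the VPC block, overlapping subnets, a prefix outside /16 to /28), usable_hosts() accounts for the five addresses AWS reserves in every subnet, and apply_layout() performs steps 1 to 3 with boto3. The CIDRs, Availability Zone and AMI ID are assumptions, and apply_layout() assumes boto3 with working credentials; the two validation functions run offline.

```python
"""Plan, validate and apply the VPC / subnet / instance layout from the
remediation steps. Example code added to this page; it is not Cloud
Defense's tooling. The CIDRs, AZ and AMI ID are assumptions; apply_layout()
assumes boto3 with working AWS credentials, the other functions run offline.
"""
import ipaddress

# AWS reserves the first four and the last address of every IPv4 subnet
# (network, VPC router, DNS, future use, broadcast).
AWS_RESERVED_PER_SUBNET = 5
# IPv4 VPC and subnet CIDR blocks must be between /16 and /28.
MIN_PREFIX, MAX_PREFIX = 16, 28


def validate_layout(vpc_cidr: str, subnet_cidrs: list[str]) -> list[str]:
    """Return the problems AWS would reject (or that bite later);
    an empty list means the layout is valid."""
    problems = []
    try:
        vpc = ipaddress.ip_network(vpc_cidr, strict=True)  # rejects host bits set
    except ValueError as exc:
        return [f"VPC {vpc_cidr}: {exc}"]
    if not MIN_PREFIX <= vpc.prefixlen <= MAX_PREFIX:
        problems.append(f"VPC {vpc_cidr}: prefix must be /{MIN_PREFIX} to /{MAX_PREFIX}")
    seen = []
    for cidr in subnet_cidrs:
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"subnet {cidr}: {exc}")
            continue
        if net.version != vpc.version:
            problems.append(f"subnet {cidr}: IP version differs from VPC {vpc_cidr}")
            continue
        if not net.subnet_of(vpc):
            problems.append(f"subnet {cidr} is not inside VPC {vpc_cidr}")
        if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
            problems.append(f"subnet {cidr}: prefix must be /{MIN_PREFIX} to /{MAX_PREFIX}")
        for other in seen:
            if net.overlaps(other):
                problems.append(f"subnet {cidr} overlaps {other}")
        seen.append(net)
    return problems


def usable_hosts(subnet_cidr: str) -> int:
    """Addresses actually assignable to instances in an AWS subnet."""
    return ipaddress.ip_network(subnet_cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def apply_layout(ec2, name: str, vpc_cidr: str, subnet_cidr: str, az: str,
                 ami_id: str, instance_type: str = "t3.micro") -> dict:
    """Create the VPC and subnet, then launch the instance into that subnet.
    `ec2` is a boto3 EC2 client. Returns the created resource IDs."""
    problems = validate_layout(vpc_cidr, [subnet_cidr])
    if problems:
        raise ValueError("; ".join(problems))

    def tag_spec(resource_type: str) -> list[dict]:
        return [{"ResourceType": resource_type,
                 "Tags": [{"Key": "Name", "Value": name}]}]

    vpc_id = ec2.create_vpc(CidrBlock=vpc_cidr,
                            TagSpecifications=tag_spec("vpc"))["Vpc"]["VpcId"]
    ec2.get_waiter("vpc_available").wait(VpcIds=[vpc_id])
    subnet_id = ec2.create_subnet(VpcId=vpc_id, CidrBlock=subnet_cidr, AvailabilityZone=az,
                                  TagSpecifications=tag_spec("subnet"))["Subnet"]["SubnetId"]
    # To rebuild an existing non-VPC instance, pass the AMI produced by
    # ec2.create_image(InstanceId=..., Name=...) as ami_id.
    instance_id = ec2.run_instances(ImageId=ami_id, InstanceType=instance_type,
                                    MinCount=1, MaxCount=1, SubnetId=subnet_id,
                                    TagSpecifications=tag_spec("instance"))["Instances"][0]["InstanceId"]
    return {"VpcId": vpc_id, "SubnetId": subnet_id, "InstanceId": instance_id}


if __name__ == "__main__":
    layout = {"vpc_cidr": "10.20.0.0/16", "subnet_cidr": "10.20.1.0/24", "az": "us-east-1a"}
    print("problems:", validate_layout(layout["vpc_cidr"], [layout["subnet_cidr"]]))
    print("usable hosts:", usable_hosts(layout["subnet_cidr"]))
    import boto3  # assumption: boto3 installed, credentials configured
    ec2 = boto3.client("ec2", region_name="us-east-1")
    # AMI ID below is a placeholder; substitute a real one for the region.
    print(apply_layout(ec2, "nist-800-171-vpc", ami_id="ami-0123456789abcdef0", **layout))
```

The subnet created here has no route to an internet gateway, so the instance is private until you deliberately add one; security groups, network ACLs and route tables still need to be set to match your boundary-protection requirements, as the closing paragraph of this guide notes.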

By following these steps, you can ensure that your EC2 instances are compliant with NIST 800-171 Revision 2 guidelines by being deployed within a VPC. Remember to review and update your security group rules and network access controls as needed to align with your specific security requirements.
