
Rule: EC2 Instances Managed by AWS Systems Manager

Ensure all EC2 instances are managed by AWS Systems Manager for improved security and compliance.

Rule: EC2 instances should be managed by AWS Systems Manager
Framework: NIST 800-53 Revision 5
Severity: High

Rule Description:

According to the NIST 800-53 Revision 5 standards, all EC2 instances should be managed by AWS Systems Manager. This ensures better security, compliance, and centralized management of instances within the AWS environment. AWS Systems Manager offers a suite of tools and features that enable administrators to automate tasks, configure instances, and manage operational tasks in a controlled manner.

Troubleshooting Steps (if applicable):

If you encounter any issues while leveraging AWS Systems Manager for managing EC2 instances, consider the following troubleshooting steps:

  1. Check IAM Roles: Ensure that the IAM roles associated with the EC2 instances have the necessary permissions to interact with AWS Systems Manager. Confirm that the roles have the appropriate policies attached for SSM access.

  2. Verify Agent Installation: Validate that the Systems Manager agent is installed and running on the EC2 instances. If it is not installed or not running correctly, follow the AWS Systems Manager installation guide to troubleshoot and reinstall the agent.

  3. Network Configuration: Ensure that the necessary network configurations are in place to allow communication between EC2 instances and AWS Systems Manager. Review security groups and network ACLs to verify that the required ports (e.g., port 443) are open and accessible.

Necessary Codes (if applicable):

If you need to configure EC2 instances to be managed by AWS Systems Manager, use the following AWS CLI commands:

  1. Launch EC2 instances with Systems Manager integration:

     # The instance profile must wrap a role that carries SSM permissions
     # (for example the AWS managed policy AmazonSSMManagedInstanceCore).
     # User data is a shell script, not JSON. Amazon Linux AMIs ship with the
     # SSM Agent preinstalled, so the script only makes sure it is enabled.
     aws ec2 run-instances \
         --image-id <AMI-ID> \
         --instance-type <INSTANCE-TYPE> \
         --key-name <KEY-NAME> \
         --subnet-id <SUBNET-ID> \
         --iam-instance-profile Name=<INSTANCE-PROFILE-WITH-SSM-PERMISSIONS> \
         --user-data '#!/bin/bash
     systemctl enable --now amazon-ssm-agent'

  2. Configure existing EC2 instances for Systems Manager management:

     # Prerequisite: the instances already carry an instance profile with SSM
     # permissions and their agent has registered. This State Manager
     # association keeps the SSM Agent up to date on the targeted instances;
     # --targets is a JSON list of Key/Values objects.
     aws ssm create-association \
         --name "AWS-UpdateSSMAgent" \
         --targets '[{"Key":"InstanceIds","Values":["<INSTANCE-ID-1>","<INSTANCE-ID-2>"]}]'

Step-by-Step Remediation Guide:

To comply with the NIST 800-53 Revision 5 requirement and manage EC2 instances with AWS Systems Manager, follow these step-by-step instructions:

  1. Launch New EC2 Instances:

     • Select an appropriate AMI with the necessary operating system and software configurations.
     • Choose the desired instance type based on your requirements.
     • Specify the appropriate key pair or create a new one for instance access.
     • Select the appropriate subnet within your VPC.
     • Attach an IAM role to the instance that has the necessary policies allowing Systems Manager access.
     • Use the provided necessary codes for launching the instances with Systems Manager integration.

  2. Configure Existing EC2 Instances:

     • Identify the existing EC2 instances that need to be managed by AWS Systems Manager.
     • Ensure the instances have the Systems Manager agent installed and running.
     • Associate the instances with the desired IAM role that has necessary Systems Manager permissions.
     • Use the provided necessary codes for configuring the existing instances for Systems Manager management.

  3. Verify Systems Manager Management:

     • Open the AWS Systems Manager console.
     • Navigate to the "Managed Instances" section.
     • Ensure that the EC2 instances appear under the "Managed Instances" list and show an "Online" status.
     • Test various Systems Manager features such as running commands, managing patches, or scheduling maintenance tasks to confirm functionality.
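The verification step above is done by hand in the console; the same check can be scripted so it runs across a whole account and maps each gap back to the troubleshooting steps (missing IAM instance profile, agent not installed or not reporting, blocked outbound 443). The following is an added example, not code from the Cloud Defense page or from AWS: it compares the EC2 inventory with the SSM managed-instance list. The core check is a pure function over the two API responses, so it runs offline on the constructed sample data embedded below; the optional main() fetches the same responses live and assumes boto3 is installed and AWS credentials are configured.

```python
"""Audit which running EC2 instances are not reporting to AWS Systems Manager.

Added example (not from the Cloud Defense page). The check itself is a pure
function over two API responses so it runs offline on constructed sample data;
main() fetches the same responses live with boto3 (assumed installed and
credentialed).
"""
from __future__ import annotations

from dataclasses import dataclass

# AWS managed policy that grants the SSM Agent the permissions it needs.
SSM_CORE_POLICY = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"


@dataclass
class Finding:
    instance_id: str
    status: str        # "managed", "connection_lost" or "not_managed"
    likely_cause: str  # maps back to the troubleshooting steps


def audit_ssm_coverage(reservations: list[dict], instance_info: list[dict]) -> list[Finding]:
    """reservations: the "Reservations" list from ec2 describe-instances;
    instance_info: the "InstanceInformationList" from ssm describe-instance-information."""
    ping = {m["InstanceId"]: m.get("PingStatus", "") for m in instance_info}
    findings: list[Finding] = []
    for reservation in reservations:
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") != "running":
                continue  # stopped or terminated instances cannot report in
            iid = inst["InstanceId"]
            status = ping.get(iid)
            if status == "Online":
                findings.append(Finding(iid, "managed", ""))
            elif status in ("ConnectionLost", "Inactive"):
                findings.append(Finding(iid, "connection_lost",
                    "agent registered earlier but is not reporting: check the agent "
                    "service and outbound TCP 443 to the SSM endpoints"))
            elif "IamInstanceProfile" not in inst:
                findings.append(Finding(iid, "not_managed",
                    f"no IAM instance profile attached: attach one whose role has {SSM_CORE_POLICY}"))
            else:
                findings.append(Finding(iid, "not_managed",
                    "instance profile present but agent never registered: verify the agent "
                    "is installed and running and that outbound TCP 443 is allowed"))
    return findings


def unmanaged_ids(findings: list[Finding]) -> list[str]:
    """Instance ids that fail the rule (anything not reporting Online)."""
    return [f.instance_id for f in findings if f.status != "managed"]


# Constructed sample responses, trimmed to the fields the check uses.
SAMPLE_RESERVATIONS = [{"Instances": [
    {"InstanceId": "i-0aaa", "State": {"Name": "running"},
     "IamInstanceProfile": {"Arn": "arn:aws:iam::123456789012:instance-profile/ssm-profile"}},
    {"InstanceId": "i-0bbb", "State": {"Name": "running"},
     "IamInstanceProfile": {"Arn": "arn:aws:iam::123456789012:instance-profile/ssm-profile"}},
    {"InstanceId": "i-0ccc", "State": {"Name": "running"}},  # no profile at all
    {"InstanceId": "i-0ddd", "State": {"Name": "running"},   # profile, but never registered
     "IamInstanceProfile": {"Arn": "arn:aws:iam::123456789012:instance-profile/ssm-profile"}},
    {"InstanceId": "i-0eee", "State": {"Name": "stopped"}},  # ignored: not running
]}]
SAMPLE_INSTANCE_INFO = [
    {"InstanceId": "i-0aaa", "PingStatus": "Online"},
    {"InstanceId": "i-0bbb", "PingStatus": "ConnectionLost"},
]


def main() -> None:
    import boto3  # live path only; the audit itself needs no network
    ec2, ssm = boto3.client("ec2"), boto3.client("ssm")
    reservations = [r for page in ec2.get_paginator("describe_instances").paginate()
                    for r in page["Reservations"]]
    info = [m for page in ssm.get_paginator("describe_instance_information").paginate()
            for m in page["InstanceInformationList"]]
    for f in audit_ssm_coverage(reservations, info):
        if f.status != "managed":
            print(f"{f.instance_id}\t{f.status}\t{f.likely_cause}")


if __name__ == "__main__":
    main()
```

Running it against the sample data reports i-0bbb (connection lost), i-0ccc (no instance profile) and i-0ddd (profile present, agent never registered) and skips the stopped instance; on a live account the same three categories tell you which troubleshooting step to start from.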

By following these steps, you will successfully manage your EC2 instances using AWS Systems Manager, meeting the NIST 800-53 Revision 5 requirement for improved security and centralized management.
