
Rule: EC2 Stopped Instances Removal Within 30 Days

This rule ensures that all EC2 stopped instances are removed within 30 days for better configuration management.

Rule: EC2 stopped instances should be removed in 30 days
Framework: NIST 800-53 Revision 5
Severity: Low

Rule Description

The rule states that any stopped EC2 instances should be removed within a period of 30 days. This rule is aligned with the NIST 800-53 Revision 5 security standard, which requires the timely removal of unused resources to mitigate potential security risks and promote efficient resource utilization.

Troubleshooting Steps (if applicable)

If instances are not being removed within the specified timeframe, you may encounter the following issues:

  1. Accumulation of unused resources, which can lead to unnecessary costs and resource inefficiencies.
  2. Increased vulnerability to potential security threats, as stopped instances may still retain sensitive data or configurations.

Necessary Codes (if applicable)

There are no specific codes associated with this rule. However, you can utilize AWS Command Line Interface (CLI) commands to automate the removal process.

Step-by-Step Guide for Remediation

To ensure compliance with the EC2 instance removal policy within 30 days, follow these step-by-step guidelines:

  1. Identify Stopped Instances:
     • Run the following AWS CLI command to list all the stopped instances in your region:
       aws ec2 describe-instances --filters "Name=instance-state-name,Values=stopped"

  2. Review Results:
     • Examine the output of the command to confirm that the instances listed are indeed in a stopped state, and classify each one as either still required or no longer needed.

  3. Determine Removal Candidates:
     • Identify the instances that are eligible for removal within the 30-day period based on their relevance and necessity. Take note of their instance IDs.

  4. Check Instance State and Lifecycle:
     • For each instance, verify its state to ensure it is still stopped. Instances that have been restarted or already terminated should not be removed.

  5. Backup Important Data (if necessary):
     • If any important data or configurations are stored within the instances, back them up before proceeding with the removal process to prevent data loss.

  6. Remove Instances:
     • Run the following AWS CLI command to remove instances that are no longer needed (the CLI expects the instance IDs separated by spaces, not commas):
       aws ec2 terminate-instances --instance-ids <instance IDs separated by spaces>

  7. Verify Removal:
     • Use the following AWS CLI command to verify that the instances have been successfully terminated; each instance should report a state of "terminated":
       aws ec2 describe-instances --instance-ids <instance IDs separated by spaces>

  8. Schedule Regular Compliance Audits:
     • To maintain compliance with the 30-day removal policy, schedule regular audits to identify instances that may have been missed or require immediate removal.
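Steps 1 to 3 leave the "how long has this been stopped" question to manual review. The following Python script is an added example (not part of the original rule page or Cloud Defense's tooling) that answers it from the JSON output of `aws ec2 describe-instances --output json`: it reads the stop timestamp that EC2 embeds in each instance's `StateTransitionReason` and separates instances stopped for more than 30 days from those whose stop time cannot be determined. The sample `describe-instances` document and its instance IDs are constructed for the example.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# EC2 records the stop time inside StateTransitionReason,
# e.g. "User initiated (2024-01-10 08:00:00 GMT)".
_STOP_TS = re.compile(r"\((\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) GMT\)")


def stopped_since(instance):
    """Return the stop time as an aware UTC datetime, or None if it is not recorded."""
    match = _STOP_TS.search(instance.get("StateTransitionReason", ""))
    if not match:
        return None
    return datetime.strptime(match.group(1), "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)


def removal_candidates(describe_output, now, max_age_days=30):
    """Split stopped instances into (stale, unknown_age).

    stale: stopped for at least max_age_days before `now` -> review for termination.
    unknown_age: stopped, but no parseable stop time -> needs manual review, never
    auto-terminated.  Running or already terminated instances are ignored (step 4).
    """
    cutoff = now - timedelta(days=max_age_days)
    stale, unknown_age = [], []
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") != "stopped":
                continue
            stopped_at = stopped_since(inst)
            if stopped_at is None:
                unknown_age.append(inst["InstanceId"])
            elif stopped_at <= cutoff:
                stale.append(inst["InstanceId"])
    return stale, unknown_age


# Constructed sample output in the shape returned by `aws ec2 describe-instances --output json`.
SAMPLE_DESCRIBE_OUTPUT = json.loads("""{"Reservations": [{"Instances": [
  {"InstanceId": "i-0000000000000a01", "State": {"Name": "stopped"},
   "StateTransitionReason": "User initiated (2024-01-10 08:00:00 GMT)"},
  {"InstanceId": "i-0000000000000b02", "State": {"Name": "stopped"},
   "StateTransitionReason": "User initiated (2024-02-25 08:00:00 GMT)"},
  {"InstanceId": "i-0000000000000c03", "State": {"Name": "running"},
   "StateTransitionReason": ""},
  {"InstanceId": "i-0000000000000d04", "State": {"Name": "stopped"},
   "StateTransitionReason": ""}]}]}""")

if __name__ == "__main__":
    stale, unknown = removal_candidates(SAMPLE_DESCRIBE_OUTPUT, datetime(2024, 3, 1, tzinfo=timezone.utc))
    print("stale (>30 days):", stale)
    print("needs manual review:", unknown)
```

Feed the `stale` list to step 6 only after the backup check in step 5; the `unknown` list should be reviewed by hand rather than terminated automatically.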

By following these steps, you can effectively comply with the NIST 800-53 Revision 5 requirement by removing stopped EC2 instances within the specified time frame.
