
Rule: EC2 Instances Should Be Managed by AWS Systems Manager

Ensure high security by managing EC2 instances with AWS Systems Manager for compliance.

Rule: EC2 instances should be managed by AWS Systems Manager
Framework: NIST 800-53 Revision 5
Severity: High

Rule Description

EC2 instances should be managed by AWS Systems Manager in order to comply with the security requirements outlined in NIST 800-53 Revision 5. AWS Systems Manager provides a centralized solution for configuration management, patching, and automation of EC2 instances, ensuring that they are kept up to date, secure, and properly managed.

Troubleshooting Steps

If you encounter any issues while managing EC2 instances with AWS Systems Manager, follow these troubleshooting steps:

  1. Check IAM Roles: Ensure that the EC2 instances have an instance profile (IAM role) attached that grants access to AWS Systems Manager, and verify that the IAM permissions are correctly configured.

  2. Check Instance Connectivity: Ensure that the EC2 instances can reach the Systems Manager service endpoints. If the instances are in a private subnet, make sure they have a NAT gateway, VPN connection, or VPC interface endpoints for Systems Manager set up so the agent can reach the service.

  3. Verify AWS Systems Manager Agent: Validate that the AWS Systems Manager Agent (SSM Agent) is installed and running on the EC2 instances. On a systemd-based Linux instance you can check the agent status with the following command:

    sudo systemctl status amazon-ssm-agent

  4. Review Systems Manager Logs: Examine the SSM Agent logs on the EC2 instances to identify any errors or connectivity issues. On Linux the log file can be found in the following location:

    /var/log/amazon/ssm/amazon-ssm-agent.log

  5. Check Security Groups and NACLs: Ensure that the security groups and network access control lists (NACLs) associated with the EC2 instances allow the outbound HTTPS communication the agent needs to reach AWS Systems Manager.

  6. Verify Systems Manager Configuration: Validate that the Systems Manager configuration is correct. Check that the instances appear as managed instances in AWS Systems Manager and that their ping status is Online.

Necessary Codes

There are no specific codes required for this rule. However, you may need to use AWS CLI commands or SDK APIs to manage IAM roles, security groups, and Systems Manager configurations.
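As an added example that is not part of the original page, the following Python script uses the SDK APIs mentioned above (boto3, calling ec2:DescribeInstances and ssm:DescribeInstanceInformation) to report running instances that are either unknown to Systems Manager or whose agent is not Online. The sample instance ids are constructed, and the region argument and IAM read permissions are assumed.

```python
from typing import Dict, List

# Constructed sample data (not from a real account), shaped like the fields used
# from ec2:DescribeInstances and ssm:DescribeInstanceInformation responses.
SAMPLE_EC2 = [
    {"InstanceId": "i-0aaa111example", "State": {"Name": "running"}},
    {"InstanceId": "i-0bbb222example", "State": {"Name": "running"}},
    {"InstanceId": "i-0ccc333example", "State": {"Name": "stopped"}},
]
SAMPLE_SSM = [{"InstanceId": "i-0aaa111example", "PingStatus": "Online"},
              {"InstanceId": "i-0bbb222example", "PingStatus": "ConnectionLost"}]

def evaluate(ec2_instances: List[dict], ssm_info: List[dict]) -> Dict[str, str]:
    """Map each running instance id to 'managed' (SSM record, agent Online),
    'connection_lost' (SSM record, agent Inactive/ConnectionLost) or 'unmanaged'
    (no SSM record). Non-running instances are skipped: the agent cannot ping."""
    ping_by_id = {i["InstanceId"]: i.get("PingStatus", "") for i in ssm_info}
    status: Dict[str, str] = {}
    for inst in ec2_instances:
        if inst["State"]["Name"] != "running":
            continue
        iid = inst["InstanceId"]
        if iid not in ping_by_id:
            status[iid] = "unmanaged"
        elif ping_by_id[iid] == "Online":
            status[iid] = "managed"
        else:
            status[iid] = "connection_lost"
    return status

def noncompliant(status: Dict[str, str]) -> List[str]:
    """Instance ids that fail the rule: anything not 'managed'."""
    return sorted(i for i, s in status.items() if s != "managed")

def fetch_from_aws(region: str):
    """Pull live data with boto3; assumes credentials with ec2:DescribeInstances
    and ssm:DescribeInstanceInformation permissions are present in the environment."""
    import boto3  # imported lazily so evaluate() stays usable without boto3
    ec2, ssm = boto3.client("ec2", region_name=region), boto3.client("ssm", region_name=region)
    instances = [i for page in ec2.get_paginator("describe_instances").paginate()
                 for r in page["Reservations"] for i in r["Instances"]]
    info = [i for page in ssm.get_paginator("describe_instance_information").paginate()
            for i in page["InstanceInformationList"]]
    return instances, info

if __name__ == "__main__":
    import sys  # pass a region to check a real account; otherwise the sample data is used
    status = evaluate(*(fetch_from_aws(sys.argv[1]) if len(sys.argv) > 1 else (SAMPLE_EC2, SAMPLE_SSM)))
    for iid in noncompliant(status):
        print(f"NONCOMPLIANT {iid}: {status[iid]}")
```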

Step-by-Step Guide for Remediation

To comply with the rule and manage EC2 instances using AWS Systems Manager, follow these steps:

  1. Configure IAM Roles:

    • Create an IAM role with the necessary policies for Systems Manager access.
    • Attach the IAM role (as an instance profile) to the EC2 instances that you want to manage.
    • Use the AWS Management Console or AWS CLI to configure the IAM roles.

  2. Install or Update AWS Systems Manager Agent:

    • For new EC2 instances, confirm that the AMI you launch from includes the AWS Systems Manager Agent; many AWS-provided AMIs (for example Amazon Linux, Ubuntu Server, and Windows Server) ship with it preinstalled.
    • For existing EC2 instances or instances where AWS Systems Manager Agent is not installed, follow these steps:
      • Connect to the EC2 instance using SSH or remote desktop.
      • Download and install the AWS Systems Manager Agent for your operating system:
        • Linux: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-manual-agent-install.html#agent-install-alinux
        • Windows: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-manual-agent-install.html#agent-install-windows
      • Restart the instance to start the Systems Manager Agent.

  3. Register EC2 Instances with Systems Manager:

    • Use the AWS Management Console, AWS CLI, or SDK APIs to register the EC2 instances with AWS Systems Manager.
    • Make sure to select the appropriate instances and verify the registration status.

  4. Verify Managed Instances:

    • Once the instances are registered, verify that they appear in the "Managed Instances" section of the AWS Systems Manager console.
    • Check the status of the instances and ensure they are marked as "Managed."

  5. Configure Systems Manager Automation:

    • Set up Systems Manager Automation to automate routine operational tasks, such as patching, configuration management, and maintenance.
    • Define the automation documents and associate them with appropriate targets.
    • Use the AWS Management Console or AWS CLI to configure the automation.

By following these steps, you will ensure that your EC2 instances are managed using AWS Systems Manager, meeting the necessary requirements of NIST 800-53 Revision 5.
