Ensure high security by managing EC2 instances with AWS Systems Manager for compliance.
Rule | EC2 instances should be managed by AWS Systems Manager
Framework | NIST 800-53 Revision 5
Severity | High
Rule Description
EC2 instances should be managed by AWS Systems Manager in order to comply with the security requirements outlined in NIST 800-53 Revision 5. AWS Systems Manager provides a centralized solution for configuration management, patching, and automation of EC2 instances, ensuring that they are kept up to date, secure, and properly managed.
Troubleshooting Steps
If you encounter any issues while managing EC2 instances with AWS Systems Manager, follow these troubleshooting steps:
Check IAM Roles: Ensure that the EC2 instances have the necessary IAM roles attached to allow access to AWS Systems Manager. Verify that the IAM permissions are correctly configured.
Check Instance Connectivity: Ensure that the EC2 instances can reach the Systems Manager service endpoints. If the instances are in a private subnet, make sure they have a NAT gateway or VPN connection set up for outbound internet access, or provision VPC interface endpoints for the ssm, ssmmessages, and ec2messages services so that the agent can register without any internet egress.
Verify AWS Systems Manager Agent: Validate that the AWS Systems Manager Agent is installed and running on the EC2 instances. You can check the agent status using the following command:
sudo systemctl status amazon-ssm-agent
Review Systems Manager Logs: Examine the Systems Manager logs on the EC2 instances to identify any potential errors or issues. The log files can be found in the following location:
/var/log/amazon/ssm/amazon-ssm-agent.log
Check Security Groups and NACLs: Ensure that the security groups and network access control lists (NACLs) associated with the EC2 instances allow the necessary inbound and outbound communication for AWS Systems Manager.
Verify Systems Manager Configuration: Validate that the Systems Manager configuration is correct. Check that the managed instances are properly registered with AWS Systems Manager.
Necessary Codes
There are no specific codes required for this rule. However, you may need to use AWS CLI commands or SDK APIs to manage IAM roles, security groups, and Systems Manager configurations.
Step-by-Step Guide for Remediation
To comply with the rule and manage EC2 instances using AWS Systems Manager, follow these steps:
Configure IAM Roles:
Install or Update AWS Systems Manager Agent:
Register EC2 Instances with Systems Manager:
Verify Managed Instances:
Configure Systems Manager Automation:
By following these steps, you will ensure that your EC2 instances are managed using AWS Systems Manager, meeting the necessary requirements of NIST 800-53 Revision 5.
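The verification steps above (confirm the instance has an IAM instance profile, confirm it is registered with Systems Manager, confirm the agent is actually reporting Online) can be scripted so the check runs across a whole account instead of one instance at a time. The following is an added example, not code from the original rule page or from AWS; it assumes the JSON shapes returned by `aws ec2 describe-instances` and `aws ssm describe-instance-information`, and the sample data embedded in it is constructed so the script runs offline. With `--live` it shells out to the AWS CLI, which must be installed and credentialed.

```python
"""Find running EC2 instances that are not (healthily) managed by AWS Systems Manager.

Added example for the rule "EC2 instances should be managed by AWS Systems Manager".
Assumes the output shapes of `aws ec2 describe-instances` and
`aws ssm describe-instance-information`; the sample documents below are constructed.
"""
import json
import subprocess
import sys
from typing import Dict, List, Tuple

# Constructed sample in the shape of `aws ec2 describe-instances` (Reservations[].Instances[]).
SAMPLE_EC2 = {
    "Reservations": [
        {"Instances": [
            {"InstanceId": "i-0aaa111", "State": {"Name": "running"},
             "IamInstanceProfile": {"Arn": "arn:aws:iam::123456789012:instance-profile/SSMRole"}},
            {"InstanceId": "i-0bbb222", "State": {"Name": "running"},
             "IamInstanceProfile": {"Arn": "arn:aws:iam::123456789012:instance-profile/SSMRole"}},
            {"InstanceId": "i-0ccc333", "State": {"Name": "running"}},   # no instance profile at all
            {"InstanceId": "i-0ddd444", "State": {"Name": "stopped"}},   # ignored: not running
        ]}
    ]
}

# Constructed sample in the shape of `aws ssm describe-instance-information`.
SAMPLE_SSM = {
    "InstanceInformationList": [
        {"InstanceId": "i-0aaa111", "PingStatus": "Online", "AgentVersion": "3.2.0.0"},
        {"InstanceId": "i-0bbb222", "PingStatus": "ConnectionLost", "AgentVersion": "3.1.0.0"},
    ]
}


def classify(ec2: dict, ssm: dict) -> Dict[str, str]:
    """Map every *running* EC2 instance ID to one finding:

    managed                  registered with SSM and the agent pings Online
    registered_<status>      registered but PingStatus is not Online (e.g. connectionlost)
    no_instance_profile      no IAM instance profile, so the agent can never register
    not_registered           has a profile but SSM has never heard from it
    """
    managed = {
        info["InstanceId"]: info.get("PingStatus", "Unknown")
        for info in ssm.get("InstanceInformationList", [])
    }
    findings: Dict[str, str] = {}
    for reservation in ec2.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") != "running":
                continue
            iid = inst["InstanceId"]
            if iid in managed:
                status = managed[iid]
                findings[iid] = "managed" if status == "Online" else f"registered_{status.lower()}"
            elif "IamInstanceProfile" not in inst:
                findings[iid] = "no_instance_profile"
            else:
                findings[iid] = "not_registered"
    return findings


def non_compliant(findings: Dict[str, str]) -> List[str]:
    """Instance IDs that fail the rule, sorted for stable reporting."""
    return sorted(iid for iid, finding in findings.items() if finding != "managed")


def load_from_cli(region: str = None) -> Tuple[dict, dict]:
    """Fetch both documents with the AWS CLI (the CLI auto-paginates these calls)."""
    base = ["aws"] + (["--region", region] if region else [])
    ec2 = json.loads(subprocess.check_output(base + ["ec2", "describe-instances", "--output", "json"]))
    ssm = json.loads(subprocess.check_output(
        base + ["ssm", "describe-instance-information", "--output", "json"]))
    return ec2, ssm


if __name__ == "__main__":
    ec2_doc, ssm_doc = load_from_cli() if "--live" in sys.argv else (SAMPLE_EC2, SAMPLE_SSM)
    results = classify(ec2_doc, ssm_doc)
    for instance_id, finding in sorted(results.items()):
        print(f"{instance_id}: {finding}")
    print("non-compliant:", non_compliant(results))
```

The distinction between `no_instance_profile`, `not_registered` and `registered_connectionlost` maps directly onto the troubleshooting steps: the first points at IAM, the second at agent installation or endpoint connectivity, and the third at an agent that registered once and has since lost its path to the service.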