
Rule: Attached EBS Volumes Should Have Delete on Termination Enabled

This rule ensures that attached EBS volumes are set to delete on termination, so that data is not left behind on an orphaned volume after its instance is terminated.

Rule: Attached EBS volumes should have delete on termination enabled
Framework: NIST Cybersecurity Framework (CSF) v1.1
Severity: Medium

Rule Name: EBS Volumes - Enable Delete on Termination for NIST CSF (v1)

Description:

To comply with the NIST Cybersecurity Framework (CSF) version 1, it is recommended to enable the "Delete on Termination" option for all attached Elastic Block Store (EBS) volumes associated with EC2 instances. Enabling this option ensures that when an instance is terminated, all related EBS volumes are also automatically deleted to prevent potential data leakage or unauthorized access.

Troubleshooting Steps (if required):

If an EC2 instance is terminated and the associated EBS volume is not automatically deleted, follow these troubleshooting steps:

  1. Verify that the "Delete on Termination" option is enabled for the EBS volume. If not, proceed to the remediation steps below.

Remediation:

Follow these steps to enable the "Delete on Termination" option for EBS volumes associated with EC2 instances:

Step 1: Identify EC2 Instances without "Delete on Termination" enabled:

  1. Log in to the AWS Management Console.
  2. Navigate to the EC2 service.

Step 2: Select an EC2 Instance:

  1. From the EC2 Dashboard, select the desired region.
  2. Click on the "Instances" menu option from the left-hand side panel.
  3. Identify the EC2 instance(s) for which the "Delete on Termination" option needs to be enabled.

Step 3: Enable "Delete on Termination" for EBS Volumes:

  1. Select an EC2 instance.
  2. Under the "Description" tab, locate the "Block devices" section.
  3. Identify the attached EBS volumes associated with the selected EC2 instance.
  4. Click on each EBS volume and navigate to the "Actions" drop-down menu.
  5. Select "Modify Volume Attribute" from the drop-down menu.
  6. In the "Modify Volume Attachment" dialog box, ensure the "Delete on Termination" checkbox is checked.
  7. Click on the "Save" button to apply the changes.
  8. Repeat steps 4-7 for each attached EBS volume associated with the EC2 instance(s) identified in Step 2.

Step 4: Verify Changes:

  1. Select an EC2 instance.
  2. Under the "Description" tab, locate the "Block devices" section.
  3. Verify that the "Delete on Termination" option is now enabled for each attached EBS volume.

Configuration Code (if required):

No configuration code is required for this rule. The remediation steps involve modifying the settings through the AWS Management Console.
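Although the rule itself is remediated through the console, the same check and fix can be scripted. The example below is added here and is not code from the original page or from the Cloud Defense product: it walks an `aws ec2 describe-instances` JSON response, reports every EBS attachment whose DeleteOnTermination flag is not true, and builds the `aws ec2 modify-instance-attribute --block-device-mappings` call that sets the flag for that attachment. The instance and volume ids in the sample response are constructed, not real account data.

```python
import json
import shlex

# Constructed sample: a trimmed `aws ec2 describe-instances` response.
# The ids are made up for the example; a real response carries more fields.
SAMPLE_DESCRIBE_INSTANCES = json.loads("""
{
  "Reservations": [
    {"Instances": [
      {"InstanceId": "i-0example000000001",
       "BlockDeviceMappings": [
         {"DeviceName": "/dev/xvda",
          "Ebs": {"VolumeId": "vol-0example0000root1", "DeleteOnTermination": true}},
         {"DeviceName": "/dev/sdf",
          "Ebs": {"VolumeId": "vol-0example0000data1", "DeleteOnTermination": false}}
       ]},
      {"InstanceId": "i-0example000000002",
       "BlockDeviceMappings": [
         {"DeviceName": "/dev/xvda",
          "Ebs": {"VolumeId": "vol-0example0000root2", "DeleteOnTermination": true}}
       ]}
    ]}
  ]
}
""")


def find_noncompliant_attachments(describe_instances_response):
    """Return (instance_id, device_name, volume_id) for every EBS attachment
    whose DeleteOnTermination flag is missing or false."""
    findings = []
    for reservation in describe_instances_response.get("Reservations", []):
        for instance in reservation.get("Instances", []):
            for mapping in instance.get("BlockDeviceMappings", []):
                ebs = mapping.get("Ebs")
                if ebs is None:
                    # Instance-store devices have no Ebs block; nothing to check.
                    continue
                if not ebs.get("DeleteOnTermination", False):
                    findings.append(
                        (instance["InstanceId"], mapping["DeviceName"], ebs["VolumeId"])
                    )
    return findings


def remediation_command(instance_id, device_name):
    """Build the AWS CLI call that enables DeleteOnTermination on one attachment.
    The flag is an attribute of the attachment, so it is set per device name
    through modify-instance-attribute rather than on the volume itself."""
    mapping = [{"DeviceName": device_name, "Ebs": {"DeleteOnTermination": True}}]
    return (
        "aws ec2 modify-instance-attribute --instance-id {} --block-device-mappings {}"
        .format(instance_id, shlex.quote(json.dumps(mapping)))
    )


if __name__ == "__main__":
    # Expected: one finding, the /dev/sdf data volume on the first instance.
    for inst, dev, vol in find_noncompliant_attachments(SAMPLE_DESCRIBE_INSTANCES):
        print(f"NONCOMPLIANT {inst} {dev} {vol}")
        print("  fix:", remediation_command(inst, dev))
```

To run this against a live account, pipe `aws ec2 describe-instances --output json` into the script instead of the embedded sample. Two points to keep in mind when applying the fix: the root volume created from an AMI has the flag set to true by default, while volumes attached after launch default to false, so data volumes are the usual source of findings; and once the flag is true, terminating the instance destroys the data on that volume, so volumes that hold anything worth keeping should be covered by a snapshot or backup policy before the change is made.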

By following these steps, every EBS volume attached to the EC2 instances in scope for NIST CSF (v1) will have the "Delete on Termination" option enabled, so the volumes are deleted automatically when their instance is terminated.
