Rule: EC2 Instances Should Be Managed by AWS Systems Manager

This rule highlights the requirement for managing EC2 instances exclusively through AWS Systems Manager.

Rule: EC2 instances should be managed by AWS Systems Manager
Framework: RBI Cyber Security Framework
Severity: High

Rule Description: EC2 instances should be managed by AWS Systems Manager for RBI Cyber Security Framework

Rule Summary:

This rule ensures that all EC2 instances within an AWS account are managed by AWS Systems Manager, in compliance with the Reserve Bank of India (RBI) Cyber Security Framework. AWS Systems Manager provides a secure and centralized way to manage EC2 instances, facilitating improved security control, visibility, and compliance.

Rule Details:

EC2 instances within the AWS account must be managed by AWS Systems Manager. This ensures that the RBI Cyber Security Framework is adhered to and helps to strengthen security controls for the instances. AWS Systems Manager simplifies the management process by automating tasks such as patch management, compliance monitoring, and software inventory management.

Troubleshooting Steps:

If an EC2 instance is not managed by AWS Systems Manager, the following troubleshooting steps can be followed:

  1. Verify EC2 instance association: Check if the EC2 instance is associated with any AWS Systems Manager documents or parameter store values. To do this:

    • Open the AWS Systems Manager console.
    • Click on "Managed Instances" from the navigation pane.
    • Search for the EC2 instance in question and ensure it is listed.
  2. Verify AWS Systems Manager Agent (SSM Agent) installation: Confirm that the SSM Agent is installed and running properly on the EC2 instance. To do this:

    • Connect to the EC2 instance using SSH or Remote Desktop.
    • Run the following command to check whether the SSM Agent is running:
      systemctl status amazon-ssm-agent             # For Amazon Linux 2 and Ubuntu instances
      sc query AmazonSSMAgent                       # For Windows instances (the Windows service name is AmazonSSMAgent)

      If the agent is not running, follow the appropriate AWS documentation to install and configure the agent.
  3. Troubleshoot agent connectivity issues: If the SSM Agent is running but there are connectivity issues, follow these steps:

    • Ensure that the EC2 instance has proper internet access or is in a VPC with the necessary network configuration.
    • Check if any network or security group rules are blocking outbound/inbound communication between the EC2 instance and AWS Systems Manager service endpoints.
    • Ensure that the EC2 instance has an IAM role with the necessary permissions to access Systems Manager services.
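
The troubleshooting steps above are manual and per-instance. As an added example (not part of the original rule page or of any Cloud Defense tooling), the following script applies the same check across an account: it cross-references EC2 DescribeInstances with SSM DescribeInstanceInformation and separates instances SSM has never seen (agent missing, no IAM role, or no network path) from instances whose agent has stopped checking in. The sample data is constructed; the optional fetch_from_aws helper assumes boto3 and credentials with ec2:DescribeInstances and ssm:DescribeInstanceInformation.

```python
"""Audit which running EC2 instances are not managed by AWS Systems Manager."""
from collections import defaultdict


def audit_ssm_coverage(ec2_instances, ssm_instance_info):
    """Classify running EC2 instances by their SSM management state.

    ec2_instances: dicts shaped like the Instances entries of EC2 DescribeInstances
    ssm_instance_info: dicts shaped like SSM InstanceInformationList entries
    Returns {"managed": [...], "unmanaged": [...], "agent_unreachable": [...]}
    """
    ping_status = {i["InstanceId"]: i.get("PingStatus", "Unknown") for i in ssm_instance_info}
    result = defaultdict(list)
    for inst in ec2_instances:
        if inst.get("State", {}).get("Name") != "running":
            continue  # stopped/terminated instances cannot check in; they are out of scope
        iid = inst["InstanceId"]
        if iid not in ping_status:
            # SSM has no record at all: agent not installed, no instance role, or no endpoint reachability
            result["unmanaged"].append(iid)
        elif ping_status[iid] != "Online":
            # SSM registered the instance earlier, but the agent is not currently reporting in
            result["agent_unreachable"].append(iid)
        else:
            result["managed"].append(iid)
    return dict(result)


# Constructed sample data standing in for API responses; these are not real instance IDs.
SAMPLE_EC2 = [
    {"InstanceId": "i-0aaa111", "State": {"Name": "running"}},
    {"InstanceId": "i-0bbb222", "State": {"Name": "running"}},
    {"InstanceId": "i-0ccc333", "State": {"Name": "running"}},
    {"InstanceId": "i-0ddd444", "State": {"Name": "stopped"}},
]
SAMPLE_SSM = [
    {"InstanceId": "i-0aaa111", "PingStatus": "Online"},
    {"InstanceId": "i-0bbb222", "PingStatus": "ConnectionLost"},
]


def fetch_from_aws(region="ap-south-1"):
    """Pull live data with boto3 (hypothetical helper; needs AWS credentials)."""
    import boto3
    ec2, ssm = boto3.client("ec2", region_name=region), boto3.client("ssm", region_name=region)
    instances = [i for page in ec2.get_paginator("describe_instances").paginate()
                 for r in page["Reservations"] for i in r["Instances"]]
    info = [i for page in ssm.get_paginator("describe_instance_information").paginate()
            for i in page["InstanceInformationList"]]
    return instances, info


if __name__ == "__main__":
    for state, ids in audit_ssm_coverage(SAMPLE_EC2, SAMPLE_SSM).items():  # or *fetch_from_aws()
        print(f"{state}: {', '.join(ids)}")
```

Instances in the "unmanaged" list map to troubleshooting steps 2 and 3; those in "agent_unreachable" usually indicate a security group, endpoint, or IAM role change after initial registration.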

Necessary Codes:

No specific codes are required for this rule. However, the AWS Systems Manager agent (SSM Agent) needs to be installed and running on the EC2 instances.

Step-by-Step Guide for Remediation:

To remediate the non-compliant EC2 instances and make sure they are managed by AWS Systems Manager, follow these steps:

  1. Install and configure the AWS Systems Manager agent (SSM Agent) on the EC2 instances that are not managed.

    • Connect to the EC2 instance using SSH or Remote Desktop.
    • Follow the appropriate AWS documentation to install and configure the SSM Agent.
  2. Check if the EC2 instance is associated with the necessary Systems Manager documents or parameter store values.

    • Open the AWS Systems Manager console.
    • Click on "Managed Instances" from the navigation pane.
    • Search for the EC2 instance in question and ensure it is listed.
    • If not listed, associate the instance with the appropriate Systems Manager documents or parameter store values.
  3. Validate that the EC2 instance is now being managed by AWS Systems Manager.

    • Confirm the successful installation and configuration of the SSM Agent.
    • Check if the EC2 instance appears as "Managed" in the AWS Systems Manager console.

Ensure that these steps are performed for all non-compliant EC2 instances within the AWS account to meet the RBI Cyber Security Framework requirements and ensure comprehensive management of EC2 instances.
