Rule: EC2 Instances Managed by AWS Systems Manager

Ensure EC2 instances are managed by AWS Systems Manager for high compliance

Rule: EC2 instances should be managed by AWS Systems Manager
Framework: SOC 2
Severity: High

Rule Description:

EC2 instances should be managed by AWS Systems Manager as a security best practice for SOC 2 compliance. AWS Systems Manager provides a centralized platform to manage and automate administrative and operational tasks across your EC2 instances. By using AWS Systems Manager, you can ensure that the necessary security configurations, patches, and software installations are consistently applied on your EC2 instances, enhancing the security posture of your environment.

Troubleshooting Steps:

If you encounter any issues while attempting to manage your EC2 instances using AWS Systems Manager, you can follow these troubleshooting steps:

  1. Verify EC2 Instance IAM Role: Ensure that the EC2 instances you want to manage have an appropriate IAM role associated with them, granting the necessary permissions to AWS Systems Manager. If the IAM role is missing or incorrect, modify the IAM role to include the required permissions.

  2. Check EC2 Instance Availability: Confirm that the EC2 instances you are trying to manage are running and accessible. Ensure that these instances are in a healthy state and have connectivity to the AWS Systems Manager service.

  3. Verify Systems Manager Agent Installation: Ensure that the Systems Manager agent is installed and running on the EC2 instances you want to manage. The agent is responsible for facilitating communication between EC2 instances and AWS Systems Manager. If the agent is not installed, refer to the AWS documentation for instructions on how to install it.

  4. Review Systems Manager Permissions: Check the AWS Identity and Access Management (IAM) policies associated with the IAM roles used for EC2 instances. Ensure that the IAM roles have the required permissions to interact with the AWS Systems Manager APIs and perform the necessary actions.

  5. Check EC2 Instance Network Configuration: Verify that the EC2 instances have the appropriate network configuration to communicate with the AWS Systems Manager service. This includes ensuring that the necessary ports and protocols are allowed in your security groups, network ACLs, and other networking components.

Necessary Codes:

In some cases, you may need to use certain codes or scripts to configure and manage EC2 instances using AWS Systems Manager. Here are a few examples:

  1. Run Command: Use the following AWS Command Line Interface (CLI) command to execute a command remotely on your EC2 instances (replace the quoted placeholders with your instance ID, command, and region):

     aws ssm send-command --document-name "AWS-RunShellScript" --instance-ids "instance-id" --parameters commands="your-command" --region "your-region"

  2. Patch Management: AWS Systems Manager enables you to automate the patching process for your EC2 instances. You can leverage AWS-provided patch baselines or create custom patch baselines to define which patches should be applied. Here's an example of using the AWS CLI to create a patch baseline and register it with a patch group (the first command returns the baseline ID used by the second):

     aws ssm create-patch-baseline --name "MyPatchBaseline"
     aws ssm register-patch-baseline-for-patch-group --baseline-id "baseline-id" --patch-group "your-patch-group"

  3. State Manager: You can define and apply standard configurations to your EC2 instances using the State Manager feature in AWS Systems Manager. This helps ensure consistency across your instances. Here's an example of using the AWS CLI to create a State Manager association. Note that --name takes the SSM document to apply (AWS-GatherSoftwareInventory here), the association itself is named with --association-name, and targets are given as a key/value pair:

     aws ssm create-association --name "AWS-GatherSoftwareInventory" --association-name "MyAssociation" --targets "Key=InstanceIds,Values=instance-id" --parameters "applications=Enabled"

Step-by-Step Guide for Remediation:

To manage your EC2 instances using AWS Systems Manager, follow these step-by-step instructions:

  1. Step 1: Verify IAM Role

    • Go to the AWS Management Console.
    • Open the EC2 service.
    • Select the EC2 instances you want to manage.
    • Check the IAM role associated with the instances.
    • Ensure that the IAM role has the necessary permissions for AWS Systems Manager.

  2. Step 2: Install Systems Manager Agent

    • Connect to the EC2 instances via SSH or remote desktop.
    • Download and install the Systems Manager agent on each instance.
    • Verify that the agent is running and able to communicate with AWS Systems Manager.

  3. Step 3: Configure Security Groups and Network ACLs

    • Update the security groups associated with the EC2 instances to allow inbound and outbound communication with the AWS Systems Manager service on the required ports.
    • Verify that network ACLs or other network configurations are not blocking the necessary communication.

  4. Step 4: Execute Commands Using Run Command

    • Use the AWS CLI or the AWS Management Console to execute commands remotely on the EC2 instances.
    • Ensure that the necessary permissions are granted to the IAM role associated with the EC2 instances to run commands using AWS Systems Manager.

  5. Step 5: Automate Patch Management

    • Define patch baselines for your EC2 instances, specifying the patches to be applied.
    • Create patch groups and associate them with the EC2 instances.
    • Enable automatic patching on the patch groups to automate the patch management process.

  6. Step 6: Create State Manager Associations

    • Define standard configurations for your EC2 instances using the AWS Management Console or AWS CLI.
    • Create State Manager associations to apply the defined configurations to the EC2 instances.

By following these steps, you can effectively manage your EC2 instances using AWS Systems Manager and meet the security requirements for SOC 2 compliance.
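To check this rule in your own account after remediation, the following added example (not Cloud Defense's code) compares running EC2 instances against what Systems Manager reports as managed and gives a reason for each gap that maps to the steps above; the instance IDs, ARNs and API payloads below are constructed samples shaped like the describe-instances and describe-instance-information responses, and evaluate_live is the assumed boto3 wiring for a real account.

```python
# Constructed sample of an EC2 describe_instances "Reservations" payload (fields trimmed).
SAMPLE_RESERVATIONS = [{"Instances": [
    {"InstanceId": "i-0aaa111", "State": {"Name": "running"},
     "IamInstanceProfile": {"Arn": "arn:aws:iam::123456789012:instance-profile/SSMRole"}},
    {"InstanceId": "i-0bbb222", "State": {"Name": "running"}},  # no instance profile
    {"InstanceId": "i-0ccc333", "State": {"Name": "stopped"}},  # not running: not evaluated
    {"InstanceId": "i-0ddd444", "State": {"Name": "running"},
     "IamInstanceProfile": {"Arn": "arn:aws:iam::123456789012:instance-profile/SSMRole"}},
]}]
# Constructed sample of an SSM describe_instance_information "InstanceInformationList".
SAMPLE_SSM_INFO = [
    {"InstanceId": "i-0aaa111", "PingStatus": "Online"},
    {"InstanceId": "i-0ddd444", "PingStatus": "ConnectionLost"},
]

def running_instances(reservations):
    """Map running instance id -> whether an IAM instance profile is attached."""
    return {inst["InstanceId"]: "IamInstanceProfile" in inst
            for res in reservations for inst in res["Instances"]
            if inst["State"]["Name"] == "running"}

def evaluate(reservations, ssm_info):
    """Return (instance_id, reason) pairs for running instances SSM does not report Online."""
    ping = {i["InstanceId"]: i.get("PingStatus") for i in ssm_info}
    findings = []
    for iid, has_profile in sorted(running_instances(reservations).items()):
        if ping.get(iid) == "Online":
            continue  # managed and reachable: compliant
        if not has_profile:
            reason = "no IAM instance profile, so the agent cannot register with SSM"
        elif iid in ping:
            reason = f"registered but PingStatus={ping[iid]} (agent stopped or outbound HTTPS blocked)"
        else:
            reason = "never registered with SSM (agent not installed or role lacks SSM permissions)"
        findings.append((iid, reason))
    return findings

def evaluate_live(region):
    """Same check against a real account; needs boto3 and credentials, so it is not run here."""
    import boto3  # lazy import: the offline sample above runs without boto3 installed
    ec2, ssm = boto3.client("ec2", region_name=region), boto3.client("ssm", region_name=region)
    reservations = [r for p in ec2.get_paginator("describe_instances").paginate()
                    for r in p["Reservations"]]
    info = [i for p in ssm.get_paginator("describe_instance_information").paginate()
            for i in p["InstanceInformationList"]]
    return evaluate(reservations, info)

if __name__ == "__main__":
    for iid, why in evaluate(SAMPLE_RESERVATIONS, SAMPLE_SSM_INFO):
        print(f"NON-COMPLIANT {iid}: {why}")
```

A ConnectionLost instance is registered but no longer reachable, which usually points at Step 2 (agent stopped) or Step 3 (outbound HTTPS to the SSM endpoints blocked), while an instance that never registered points at Step 1.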
