This rule ensures that EC2 instances have EBS optimization enabled for improved performance and cost-efficiency.
| Rule | EC2 instance should have EBS optimization enabled |
| Framework | SOC 2 |
| Severity | ✔ High |
Rule Description:
EC2 instances should have Elastic Block Store (EBS) optimization enabled in order to comply with SOC 2 requirements. EBS optimization enhances the performance and throughput of EBS volumes attached to the EC2 instances.
Troubleshooting Steps:
1. Verify EBS optimization support: Ensure that the EC2 instance type you are using supports EBS optimization. Not all instance types allow EBS optimization. Refer to the AWS documentation for a list of instance types that support EBS optimization.
2. Check current EBS optimization setting: Verify if your EC2 instance has EBS optimization enabled or disabled. This can be found under the "Elastic Block Store" section in the EC2 instance settings.
3. Enable EBS optimization: If EBS optimization is not enabled, follow the remediation steps to enable it.
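The first two checks above can also be run across many instances from EC2 API output. The following is an added example, not part of the original rule text: it assumes the JSON from `aws ec2 describe-instances` and `aws ec2 describe-instance-types` has been saved, and reads the `EbsOptimized` and `EbsInfo.EbsOptimizedSupport` fields. The sample data is constructed and the status labels are chosen here for illustration.

```python
import json

# Constructed sample of `aws ec2 describe-instances` output (only the fields used).
INSTANCES_JSON = """
{"Reservations": [
  {"Instances": [
    {"InstanceId": "i-0aaaaaaaaaaaaaaa1", "InstanceType": "m5.large", "EbsOptimized": true},
    {"InstanceId": "i-0aaaaaaaaaaaaaaa2", "InstanceType": "c3.xlarge", "EbsOptimized": false}]},
  {"Instances": [
    {"InstanceId": "i-0aaaaaaaaaaaaaaa3", "InstanceType": "t2.micro", "EbsOptimized": false},
    {"InstanceId": "i-0aaaaaaaaaaaaaaa4", "InstanceType": "m5.xlarge", "EbsOptimized": false}]}
]}
"""
# Constructed sample of `aws ec2 describe-instance-types` output (m5.xlarge left out on purpose).
TYPES_JSON = """
{"InstanceTypes": [
  {"InstanceType": "m5.large", "EbsInfo": {"EbsOptimizedSupport": "default"}},
  {"InstanceType": "c3.xlarge", "EbsInfo": {"EbsOptimizedSupport": "supported"}},
  {"InstanceType": "t2.micro", "EbsInfo": {"EbsOptimizedSupport": "unsupported"}}
]}
"""

def audit_ebs_optimization(instances_doc, types_doc):
    """Map each instance ID to a status label (labels are illustrative, not AWS terms)."""
    support = {
        t["InstanceType"]: t.get("EbsInfo", {}).get("EbsOptimizedSupport", "unknown")
        for t in types_doc.get("InstanceTypes", [])
    }
    findings = {}
    for reservation in instances_doc.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            type_support = support.get(inst["InstanceType"], "unknown")
            if inst.get("EbsOptimized", False):
                status = "compliant"
            elif type_support == "unsupported":
                status = "not_applicable"   # instance type cannot be EBS-optimized
            elif type_support == "unknown":
                status = "needs_review"     # no type data: do not guess
            else:
                status = "non_compliant"    # supported by the type but not enabled
            findings[inst["InstanceId"]] = status
    return findings

if __name__ == "__main__":
    result = audit_ebs_optimization(json.loads(INSTANCES_JSON), json.loads(TYPES_JSON))
    for instance_id, status in sorted(result.items()):
        print(instance_id, status)
```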
Remediation Steps:
1. Identify the EC2 instance(s) without EBS optimization enabled.
2. Connect to the EC2 instance using SSH or AWS Systems Manager Session Manager.
3. Open the command-line interface or terminal.
4. List the existing block devices attached to the instance using the following command:
    lsblk
5. Identify the block device(s) that need EBS optimization enabled. These devices will have "nvme" in the name.
6. Edit the EC2 instance configuration file using the following command:
    sudo vi /etc/default/grub
7. Locate the line that starts with "GRUB_CMDLINE_LINUX" and append the following flag at the end of the line:
    nvme_core.io_sq_threads=2 nvme_core.io_sq_throttle=1
   This enables EBS optimization for the instance.
8. Save the changes and exit the editor.
9. Update the GRUB configuration by running the following command:
    sudo grub2-mkconfig -o /boot/grub2/grub.cfg
10. Reboot the instance for the changes to take effect:
    sudo reboot
11. After the instance has rebooted, reconnect to the instance.
12. Verify if EBS optimization is enabled by executing the following command:
    lsblk --output NAME,MODEL,OPTIO
   Look for the "opts" column and confirm that it displays "ebs" for the EBS volumes.

Repeat steps 1-12 for every EC2 instance that needs EBS optimization enabled.
Additional Information:
Enabling EBS optimization for EC2 instances improves the performance and reduces the latency of Amazon EBS volumes attached to the instances. It ensures that the instances can achieve their maximum IOPS and throughput capabilities.
Please note that enabling EBS optimization may incur additional charges, as it may require larger instances or higher-tier instance types. It is recommended to review the pricing details on the AWS website or consult with an AWS cost optimization specialist before enabling EBS optimization across all instances.