
Rule: EC2 Instances Managed by AWS Systems Manager

Ensuring all EC2 instances are managed by AWS Systems Manager for improved security and compliance.

Rule: EC2 instances should be managed by AWS Systems Manager
Framework: SOC 2
Severity: High

Rule Description:

All EC2 instances within the organization should be managed by AWS Systems Manager as a security best practice to meet the requirements of SOC 2 (Service Organization Control 2) compliance. AWS Systems Manager provides a centralized management tool that enables efficient and secure operations of EC2 instances through automated actions and compliance monitoring capabilities.

By implementing this rule, organizations can ensure that EC2 instances are properly managed, monitored, and audited, reducing the risk of unauthorized access, configuration drift, and potential security vulnerabilities.

Troubleshooting Steps:

  1. Check that AWS Systems Manager is enabled in the AWS account and region where the EC2 instances reside.
  2. Verify that the EC2 instances have the necessary permissions (an attached IAM instance profile) to communicate with AWS Systems Manager.
  3. Review the AWS Systems Manager logs and event history for any errors or issues related to the management of EC2 instances.
  4. Ensure the required AWS Systems Manager agent (SSM Agent) is installed and running on the EC2 instances.

Necessary Codes (if applicable):

In order to enforce the use of AWS Systems Manager for managing EC2 instances, you may consider using AWS Config, AWS CloudFormation, or AWS Organizations service controls. Below is an example of how to use AWS Config and AWS CloudFormation to enforce this rule:

  1. Define an AWS Config rule that checks whether every EC2 instance is managed by AWS Systems Manager. The snippet below is a CloudFormation template in JSON using the AWS managed rule "ec2-instance-managed-by-systems-manager", whose source identifier is EC2_INSTANCE_MANAGED_BY_SSM. The rule only evaluates resources if the AWS Config configuration recorder is already enabled in the account and region.
{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "ConfigRule": {
            "Type": "AWS::Config::ConfigRule",
            "Properties": {
                "ConfigRuleName": "Ec2InstancesManagedBySystemsManager",
                "Description": "Ensure all EC2 instances are managed by AWS Systems Manager.",
                "Source": {
                    "Owner": "AWS",
                    "SourceIdentifier": "EC2_INSTANCE_MANAGED_BY_SSM"
                },
                "Scope": {
                    "ComplianceResourceTypes": [
                        "AWS::EC2::Instance"
                    ]
                }
            }
        }
    }
}
  2. Use AWS CloudFormation to deploy and configure the same AWS Config rule, here written in YAML:
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  ConfigRule:
    Type: 'AWS::Config::ConfigRule'
    Properties:
      ConfigRuleName: Ec2InstancesManagedBySystemsManager
      Description: Ensure all EC2 instances are managed by AWS Systems Manager.
      Source:
        Owner: AWS
        # AWS managed rule "ec2-instance-managed-by-systems-manager"
        SourceIdentifier: EC2_INSTANCE_MANAGED_BY_SSM
      Scope:
        ComplianceResourceTypes:
          - AWS::EC2::Instance

Step-by-Step Guide for Remediation:

  1. Enable AWS Systems Manager for the AWS account if it is not already enabled.
  2. Install the AWS Systems Manager agent on all EC2 instances that need to be managed.
  3. Ensure that the EC2 instances have the necessary IAM role and permissions to communicate with AWS Systems Manager.
  4. Verify that the EC2 instances are connected to AWS Systems Manager by checking the connection status in the Systems Manager console.
  5. Monitor the AWS Systems Manager logs and event history for any errors or issues related to EC2 instance management.
  6. If any EC2 instance is not managed by AWS Systems Manager, follow the steps below to remediate:
    • Identify the unmanaged EC2 instance.
    • Ensure the AWS Systems Manager agent is installed on the EC2 instance.
    • Verify that the EC2 instance has the necessary IAM role and permissions for AWS Systems Manager.
    • If needed, manually connect the EC2 instance to AWS Systems Manager by following the AWS documentation guides.
    • Monitor the connection status and logs to ensure successful EC2 instance management.
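The troubleshooting steps and the remediation guide above both come down to the same reconciliation: list every running EC2 instance, check whether Systems Manager reports it as Online, and if not, decide whether the gap is a missing instance profile or an agent that never registered. The script below is an added example (not Cloud Defense's or AWS's code) that performs that reconciliation offline on constructed sample payloads shaped like the output of `aws ec2 describe-instances` and `aws ssm describe-instance-information`; the instance IDs, ARNs and the `fetch_live` helper (which assumes boto3 and configured credentials) are this example's own assumptions, and the managed policy name AmazonSSMManagedInstanceCore is AWS's standard policy for the SSM agent.

```python
"""Reconcile running EC2 instances against the SSM managed-instance inventory.

Added example: inputs follow the JSON shapes returned by
`aws ec2 describe-instances` and `aws ssm describe-instance-information`.
The two sample payloads are constructed for this example only.
"""
from dataclasses import dataclass
from typing import Dict, Iterator, List, Optional

# Constructed sample: three running instances and one stopped instance.
SAMPLE_EC2_RESERVATIONS = {
    "Reservations": [
        {"Instances": [
            {"InstanceId": "i-0000000000000000a", "State": {"Name": "running"},
             "IamInstanceProfile": {"Arn": "arn:aws:iam::123456789012:instance-profile/ssm-role"}},
            {"InstanceId": "i-0000000000000000b", "State": {"Name": "running"}},   # no profile attached
            {"InstanceId": "i-0000000000000000c", "State": {"Name": "running"},
             "IamInstanceProfile": {"Arn": "arn:aws:iam::123456789012:instance-profile/ssm-role"}},
            {"InstanceId": "i-0000000000000000d", "State": {"Name": "stopped"}},   # ignored: not running
        ]}
    ]
}

# Constructed sample: SSM knows two of the instances; only one is healthy.
SAMPLE_SSM_INVENTORY = {
    "InstanceInformationList": [
        {"InstanceId": "i-0000000000000000a", "PingStatus": "Online", "AgentVersion": "3.2.0.0"},
        {"InstanceId": "i-0000000000000000c", "PingStatus": "ConnectionLost", "AgentVersion": "3.1.0.0"},
    ]
}


@dataclass
class Finding:
    instance_id: str
    managed: bool                 # True only when SSM reports the agent as Online
    ping_status: Optional[str]    # None when SSM has never seen the instance
    has_instance_profile: bool
    remediation: str


def running_instances(ec2_response: dict) -> Iterator[dict]:
    """Yield only instances in the 'running' state; stopped ones cannot report to SSM."""
    for reservation in ec2_response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") == "running":
                yield inst


def ssm_status_by_id(ssm_response: dict) -> Dict[str, Optional[str]]:
    """Map instance ID -> PingStatus as reported by Systems Manager."""
    return {i["InstanceId"]: i.get("PingStatus")
            for i in ssm_response.get("InstanceInformationList", [])}


def evaluate(ec2_response: dict, ssm_response: dict) -> List[Finding]:
    """Classify each running instance and attach the matching remediation step."""
    status = ssm_status_by_id(ssm_response)
    findings = []
    for inst in running_instances(ec2_response):
        iid = inst["InstanceId"]
        ping = status.get(iid)
        managed = ping == "Online"
        has_profile = "IamInstanceProfile" in inst
        if managed:
            remediation = "none"
        elif not has_profile:
            # Without an instance profile the agent has no credentials to register.
            remediation = ("attach an instance profile whose role allows SSM "
                           "(e.g. the AmazonSSMManagedInstanceCore managed policy)")
        elif ping is None:
            # Role is present but SSM has never heard from this instance.
            remediation = "install and start SSM Agent; confirm outbound reachability to SSM endpoints"
        else:
            remediation = f"agent registered but reports {ping}; check the agent service and network path"
        findings.append(Finding(iid, managed, ping, has_profile, remediation))
    return findings


def unmanaged_ids(findings: List[Finding]) -> List[str]:
    """IDs of running instances that Systems Manager is not actively managing."""
    return sorted(f.instance_id for f in findings if not f.managed)


def fetch_live():
    """Optional: pull real data with boto3 (assumed installed, with credentials configured)."""
    import boto3  # imported here so the offline sample runs without boto3
    ec2_pages = boto3.client("ec2").get_paginator("describe_instances").paginate()
    ssm_pages = boto3.client("ssm").get_paginator("describe_instance_information").paginate()
    ec2 = {"Reservations": [r for page in ec2_pages for r in page["Reservations"]]}
    ssm = {"InstanceInformationList": [i for page in ssm_pages for i in page["InstanceInformationList"]]}
    return ec2, ssm


if __name__ == "__main__":
    for f in evaluate(SAMPLE_EC2_RESERVATIONS, SAMPLE_SSM_INVENTORY):
        print(f"{f.instance_id}: managed={f.managed} ping={f.ping_status} "
              f"profile={f.has_instance_profile} -> {f.remediation}")
```

Run as-is to see the three running instances classified (one Online, one with no instance profile, one registered but ConnectionLost); swap the sample payloads for `fetch_live()` to run it against a real account. The same three categories are what the Config rule above flags as NON_COMPLIANT, so this gives a per-instance reason to go with the rule's verdict.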

By following the above step-by-step guide, organizations can ensure that all EC2 instances are managed by AWS Systems Manager and stay compliant with SOC 2 requirements.
