Ensuring all EC2 instances are managed by AWS Systems Manager for improved security and compliance.
| Rule | EC2 instances should be managed by AWS Systems Manager |
| Framework | SOC 2 |
| Severity | High |
Rule Description:
All EC2 instances in the organization should be managed by AWS Systems Manager as a security best practice that supports SOC 2 (System and Organization Controls 2) compliance. An instance is "managed" when the SSM Agent on it has registered with the Systems Manager service and is reporting, which requires an IAM instance profile with Systems Manager permissions, a running agent, and a network path to the Systems Manager endpoints. Once managed, an instance can be operated through a single control plane: Session Manager for shell access without SSH keys or open inbound ports, Patch Manager and Run Command for automated maintenance, and Inventory and Compliance for configuration reporting.
Enforcing this rule gives the organization an accurate inventory of its compute fleet and a consistent, logged way to administer it, which reduces the risk of unauthorized access, configuration drift, and unpatched vulnerabilities, and produces the audit evidence SOC 2 reviewers ask for.
Troubleshooting Steps:
If a running instance does not appear under Systems Manager (in Fleet Manager or in the output of aws ssm describe-instance-information), check the following in order:
1. IAM: the instance has an instance profile attached whose role includes the AmazonSSMManagedInstanceCore managed policy (or an equivalent policy granting the ssm, ssmmessages and ec2messages permissions the agent needs). Without credentials the agent cannot register.
2. Agent: SSM Agent is installed and running. It is preinstalled on Amazon Linux, Ubuntu Server and Windows Server AMIs published by AWS; on other images it has to be installed. Restart the agent after attaching a role so it picks up the new credentials promptly.
3. Network: the instance can reach the regional ssm, ssmmessages and ec2messages endpoints over HTTPS, either through an internet or NAT gateway or through VPC interface endpoints for private subnets.
4. Reporting: an instance that has registered shows PingStatus "Online". "ConnectionLost" or "Inactive" means the agent registered at some point but has stopped checking in, which usually points to a stopped agent, lost network access, or a removed role.
Necessary Codes (if applicable):
AWS Config can continuously detect instances that are not managed by Systems Manager; it does not by itself force them to be managed, so pair it with the remediation steps below (or an automatic remediation action) and with launch templates that attach the Systems Manager instance profile at launch. The AWS-managed rule ec2-instance-managed-by-systems-manager (source identifier EC2_INSTANCE_MANAGED_BY_SSM) reports an EC2 instance as non-compliant when it does not appear in the Systems Manager managed-instance inventory, so the Config recorder must record both AWS::EC2::Instance and AWS::SSM::ManagedInstanceInventory resources. To apply the rule across every account, deploy it as an AWS Config organization rule or conformance pack from AWS Organizations. Below is the rule as an AWS CloudFormation template, first in JSON and then in YAML:
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "ConfigRule": {
      "Type": "AWS::Config::ConfigRule",
      "Properties": {
        "ConfigRuleName": "Ec2InstancesManagedBySystemsManager",
        "Description": "Ensure all EC2 instances are managed by AWS Systems Manager.",
        "Source": {
          "Owner": "AWS",
          "SourceIdentifier": "EC2_INSTANCE_MANAGED_BY_SSM"
        },
        "Scope": {
          "ComplianceResourceTypes": [
            "AWS::EC2::Instance",
            "AWS::SSM::ManagedInstanceInventory"
          ]
        }
      }
    }
  }
}

AWSTemplateFormatVersion: '2010-09-09'
Resources:
  ConfigRule:
    Type: 'AWS::Config::ConfigRule'
    Properties:
      ConfigRuleName: Ec2InstancesManagedBySystemsManager
      Description: Ensure all EC2 instances are managed by AWS Systems Manager.
      Source:
        Owner: AWS
        # The managed rule's identifier; the stack will fail to create with an unknown one.
        SourceIdentifier: EC2_INSTANCE_MANAGED_BY_SSM
      Scope:
        ComplianceResourceTypes:
          - AWS::EC2::Instance
          - AWS::SSM::ManagedInstanceInventory
Step-by-Step Guide for Remediation:
1. Create an IAM role for EC2 that includes the AmazonSSMManagedInstanceCore managed policy, and an instance profile for it. Alternatively, enable Default Host Management Configuration in the Systems Manager settings, which lets instances running IMDSv2 and a recent SSM Agent register without a per-instance profile.
2. Attach the instance profile to each non-compliant instance (EC2 console: Actions, Security, Modify IAM role; or aws ec2 associate-iam-instance-profile). Add the same profile to launch templates and Auto Scaling groups so new instances are compliant from launch.
3. Make sure SSM Agent is installed and running on the instance, and restart it after attaching the role (the amazon-ssm-agent service on Linux, the AmazonSSMAgent service on Windows).
4. Give the instance outbound HTTPS access to the regional ssm, ssmmessages and ec2messages endpoints, through a NAT gateway or VPC interface endpoints for instances in private subnets.
5. Confirm with aws ssm describe-instance-information that the instance is listed with PingStatus "Online", then deploy the Config rule above so that future drift is flagged automatically.
By following these steps, organizations can bring every EC2 instance under AWS Systems Manager management and keep the evidence needed to demonstrate SOC 2 compliance.
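The following script is an added example, not part of the original page or of any AWS tooling; it implements the troubleshooting and remediation checks above as a fleet audit. It joins the EC2 instance list against ssm:DescribeInstanceInformation and, for each running instance that Systems Manager cannot see, says which of the usual causes (no instance profile, agent never registered, agent stopped reporting) applies. The sample data is constructed and shaped like the real API responses; the --live path assumes boto3 is installed with read-only EC2 and SSM credentials.

```python
"""Audit EC2 instances against AWS Systems Manager (added example).

An instance counts as "managed" only when its SSM Agent has registered with the
service and is currently reporting (PingStatus == "Online"). This joins
ec2:DescribeInstances against ssm:DescribeInstanceInformation and explains, per
running instance, why it is not managed. SAMPLE_EC2/SAMPLE_SSM are constructed
for offline use; pass --live to query AWS with boto3 (assumed installed).
"""
from __future__ import annotations

import sys
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    instance_id: str
    status: str  # "managed", "not-reporting", "unmanaged" or "not-running"
    reason: str


def audit(ec2_instances: list[dict], ssm_infos: list[dict]) -> list[Finding]:
    """Classify every EC2 instance by whether Systems Manager can see it."""
    ssm_by_id = {info["InstanceId"]: info for info in ssm_infos}
    findings: list[Finding] = []
    for inst in ec2_instances:
        iid = inst["InstanceId"]
        state = inst.get("State", {}).get("Name")
        if state != "running":
            # Stopped or terminated instances cannot report; they are not findings.
            findings.append(Finding(iid, "not-running", f"instance state is {state}"))
            continue
        info = ssm_by_id.get(iid)
        if info is None:
            # Never registered with SSM: the two usual causes, most likely first.
            if "IamInstanceProfile" not in inst:
                reason = ("no IAM instance profile attached; the agent has no credentials "
                          "to call SSM (attach a role with AmazonSSMManagedInstanceCore)")
            else:
                reason = ("instance profile attached but never registered; check that SSM "
                          "Agent is installed and running and that the instance can reach "
                          "the ssm, ssmmessages and ec2messages endpoints")
            findings.append(Finding(iid, "unmanaged", reason))
        elif info.get("PingStatus") != "Online":
            # Registered once, but the agent has stopped checking in.
            findings.append(Finding(iid, "not-reporting",
                                    f"registered but PingStatus={info.get('PingStatus')}, "
                                    f"last ping {info.get('LastPingDateTime')}"))
        else:
            findings.append(Finding(iid, "managed",
                                    f"SSM Agent {info.get('AgentVersion')} online"))
    return findings


def noncompliant_ids(findings: list[Finding]) -> list[str]:
    """Instance IDs that the ec2-instance-managed-by-systems-manager rule would flag."""
    return [f.instance_id for f in findings if f.status in ("unmanaged", "not-reporting")]


# Constructed sample data shaped like the real API responses (not real instances).
SAMPLE_EC2 = [
    {"InstanceId": "i-0aaa111", "State": {"Name": "running"},
     "IamInstanceProfile": {"Arn": "arn:aws:iam::123456789012:instance-profile/ssm-managed"}},
    {"InstanceId": "i-0bbb222", "State": {"Name": "running"}},
    {"InstanceId": "i-0ccc333", "State": {"Name": "running"},
     "IamInstanceProfile": {"Arn": "arn:aws:iam::123456789012:instance-profile/ssm-managed"}},
    {"InstanceId": "i-0ddd444", "State": {"Name": "stopped"}},
]
SAMPLE_SSM = [
    {"InstanceId": "i-0aaa111", "PingStatus": "Online", "AgentVersion": "3.2.1705.0"},
    {"InstanceId": "i-0ccc333", "PingStatus": "ConnectionLost",
     "LastPingDateTime": "2024-05-01T08:00:00Z", "AgentVersion": "3.1.1927.0"},
]


def fetch_live() -> tuple[list[dict], list[dict]]:
    """Pull the same two lists from AWS (requires boto3 and configured credentials)."""
    import boto3  # imported lazily so the offline path has no third-party dependency

    ec2, ssm = boto3.client("ec2"), boto3.client("ssm")
    instances = [i for page in ec2.get_paginator("describe_instances").paginate()
                 for r in page["Reservations"] for i in r["Instances"]]
    infos = [i for page in ssm.get_paginator("describe_instance_information").paginate()
             for i in page["InstanceInformationList"]]
    return instances, infos


if __name__ == "__main__":
    ec2_list, ssm_list = fetch_live() if "--live" in sys.argv else (SAMPLE_EC2, SAMPLE_SSM)
    results = audit(ec2_list, ssm_list)
    for f in results:
        print(f"{f.instance_id:<14} {f.status:<14} {f.reason}")
    # Non-zero exit lets a CI job or cron task fail on any non-compliant instance.
    sys.exit(1 if noncompliant_ids(results) else 0)
```

On the constructed sample, i-0aaa111 is reported managed, i-0bbb222 unmanaged because it has no instance profile, i-0ccc333 not reporting because its agent registered but its PingStatus is ConnectionLost, and the stopped i-0ddd444 is excluded from the findings. The script distinguishes "never registered" from "stopped reporting" deliberately: the first is almost always an IAM or installation problem, the second a network or agent-service problem, and the Config rule alone reports both the same way.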