
AWS EC2 Desired Instance Type

Security

Risk level: Medium (should be achieved)

Determine if the EC2 instances provisioned in your AWS account have the desired instance type(s) established by your organization based on the workload deployed. Cloud Conformity provides you the capability to define the desired EC2 instance type(s) based on your workload requirements upon enabling this rule (the rule is disabled by default).

This rule resolution is part of the Cloud Conformity Security Package

Setting limits for the type(s) of EC2 instances provisioned in your AWS account will help you to better manage your cloud compute power, address internal compliance requirements and prevent unexpected charges on your AWS bill.

Audit

To determine if the EC2 instances launched in your AWS account have all the desired instance type(s), perform the following:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to EC2 dashboard at https://console.aws.amazon.com/ec2/.

03 In the left navigation panel, under INSTANCES section, choose Instances.

04 Click inside the attributes filter box located under the EC2 dashboard top menu, select Instance Type, type the name of the desired instance type prefixed with an exclamation mark (e.g. !m3.medium) and press Enter. If the filtering process returns one or more EC2 instances as a result, those instances in the current region were not launched using the desired type, therefore you must take action and raise an AWS support case to limit EC2 instance creation only to the desired/required instance type(s) (see Remediation/Resolution section).

05 Change the AWS region from the navigation bar and repeat step no. 4 for all other regions.

Using AWS CLI

01 Run describe-instances command (OSX/Linux/UNIX) using appropriate filtering to list the type(s) of the running EC2 instances currently provisioned in the selected region:

aws ec2 describe-instances \
	--region us-east-1 \
	--filters "Name=instance-state-name,Values=running" \
	--output table \
	--query 'Reservations[*].Instances[*].InstanceType'

02 The command output should return a table with the requested EC2 instance type(s):

---------------------------------------------------------
|                   DescribeInstances                   |
+-------------+-------------+-------------+--------------
|  m3.medium  |  m3.medium  |  m3.medium  |  c3.xlarge  |
+-------------+-------------+-------------+--------------

This filtering method will help you to determine the type of each running EC2 instance available in the selected region. If the instance types returned are not the ones expected, you must take action and raise an AWS support case to limit EC2 instance creation only to the desired/required instance type(s).

03 Repeat steps no. 1 and 2 to perform the audit process for all other AWS regions.
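
The CLI audit above, wrapped so that every region is checked and only the non-conforming instances are reported. This is an added example, not part of the original page or of Cloud Conformity's tooling; `DESIRED_TYPES`, the function names and the sample instance IDs are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not Cloud Conformity's code. DESIRED_TYPES and all function
# names are assumptions chosen for illustration.
DESIRED_TYPES="${DESIRED_TYPES:-m3.medium}"   # space-separated allow-list

# Reads "instance-id<TAB>instance-type" lines on stdin and prints only the
# instances whose type is not in DESIRED_TYPES, prefixed with the region ($1).
find_undesired() {
    awk -v region="$1" -v allowed="$DESIRED_TYPES" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF >= 2 && !($2 in ok) { printf "%s\t%s\t%s\n", region, $1, $2 }
    '
}

# Running instances in one region, one "id<TAB>type" line per instance.
list_running() {
    aws ec2 describe-instances \
        --region "$1" \
        --filters "Name=instance-state-name,Values=running" \
        --output text \
        --query 'Reservations[*].Instances[*].[InstanceId,InstanceType]'
}

# Walks every region returned by describe-regions; returns 1 if any running
# instance falls outside the allow-list, 0 otherwise.
audit_all_regions() {
    local rc=0 region hits
    for region in $(aws ec2 describe-regions --output text \
                        --query 'Regions[*].RegionName'); do
        hits=$(list_running "$region" | find_undesired "$region")
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample mirroring the table in step 02 (instance IDs are made up).
sample_lines() {
    printf 'i-0000000000000001\tm3.medium\n'
    printf 'i-0000000000000002\tm3.medium\n'
    printf 'i-0000000000000003\tm3.medium\n'
    printf 'i-0000000000000004\tc3.xlarge\n'
}
```

Source the file and call `audit_all_regions` with credentials that allow `ec2:DescribeRegions` and `ec2:DescribeInstances`; the non-zero return status makes it usable as a scheduled compliance check.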

Remediation / Resolution

To limit the EC2 instances that will be launched in your account to the desired instance type(s), perform the following:

Note: Raising a support case to request the necessary limitation using the AWS API via Command Line Interface (CLI) is not currently supported.

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to AWS Support Center page at http://aws.amazon.com/contact-us/ec2-request/.

03 On the Create Case support page, perform the following:

  1. Under Regarding, select Service Limit Increase.
  2. Choose EC2 Instances from the Limit Type dropdown list as the type of limit to increase.
  3. In the Request section, perform the following actions:
    • Select the AWS region where the instance type limit is required from the Region dropdown list.
    • Select the desired EC2 instance type from the Primary Instance Type dropdown list.
    • Select Instance Limit from the Limit dropdown list.
    • In the New limit value box, enter the limit value to request for the selected instance type based on your requirements.
  4. If you need to send multiple requests for multiple instance types, click the Add another request button to add as many requests as needed and repeat step 3.
  5. In the Use Case Description textbox, enter a short description explaining the instance type limit request so AWS support can evaluate your case.
  6. Under Contact method, select a preferred contact method that the AWS support team can use to respond to your request.
  7. Click Submit to send the request to AWS Support.

Publication date Jun 23, 2016