Unused Launch Configuration

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk Level: Low (generally tolerable level of risk)
Rule ID: ASG-003

Identify any Auto Scaling Launch Configuration templates that are not used anymore by AWS Auto Scaling Groups and delete them from your account in order to adhere to AWS best practices.

This rule can help you with the following compliance standards:

  • APRA
  • MAS

This rule can help you work with the AWS Well-Architected Framework (Operational excellence, Sustainability).

This rule resolution is part of the Conformity Security & Compliance tool for AWS.

As good practice, every orphaned Launch Configuration template should be removed for better management of your AWS Auto Scaling components.


Audit

To identify any orphaned AWS Launch Configuration templates (i.e. configuration templates that are not associated anymore with ASGs), perform the following:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to EC2 dashboard at https://console.aws.amazon.com/ec2/.

03 In the left navigation panel, under AUTO SCALING section, choose Auto Scaling Groups.

04 Open the ASG dashboard Show/Hide Columns dialog box by clicking the configuration icon, then select the Launch Configuration checkbox.

05 Under Launch Configuration column, identify the Launch Configuration template name for each ASG available in the current AWS region.

06 In the navigation panel, under AUTO SCALING section, choose Launch Configurations.

07 Under Name column, identify each Launch Configuration template name and compare it against the list of template names exposed at step no. 5. Any Launch Configuration template that is not associated with an ASG, found during the comparison process, should be marked as unused then safely removed (see Remediation/Resolution section).

08 Change the AWS region from the navigation bar and repeat the audit process for other regions.

Using AWS CLI

01 Run describe-launch-configurations command (OSX/Linux/UNIX) using custom output filters to list the names of all AWS Launch Configuration templates available in the selected region:

aws autoscaling describe-launch-configurations \
	--region us-east-1 \
	--output table \
	--query 'LaunchConfigurations[*].LaunchConfigurationName'

02 The command output should return a table with the requested template names:

------------------------------
|DescribeLaunchConfigurations|
+----------------------------+
|  MyWebLaunchConfig         |
|  MyAppCacheLaunchConfig    |
|  MyAppBackendLaunchConfig  |
+----------------------------+

03 Run describe-auto-scaling-groups command (OSX/Linux/UNIX) using appropriate filtering to list the names of the Launch Configuration templates associated with the Auto Scaling Groups provisioned in the selected AWS region:

aws autoscaling describe-auto-scaling-groups \
	--region us-east-1 \
	--output table \
	--query 'AutoScalingGroups[*].LaunchConfigurationName'

04 The command output should return a table with the Launch Configuration template names used by ASGs:

------------------------------
|  DescribeAutoScalingGroups |
+----------------------------+
|  MyWebLaunchConfig         |
|  MyAppBackendLaunchConfig  |
+----------------------------+

Now compare the metadata from the table returned at step no. 2 against the one returned at step no. 4 and identify any Auto Scaling Launch Configuration templates that are not associated anymore with ASGs available in the selected AWS region. Each detached template should be marked as unused then safely removed.

05 Repeat steps no. 1 – 4 to perform the audit process for other AWS regions.
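
The comparison between the two lists in steps no. 1 – 4 can be scripted. The following is an added example, not part of the original Conformity page: the function names, variable names and sample data are assumptions, and it switches the commands above to `--output text` so the names can be parsed.

```shell
#!/bin/sh
# Added example: report launch configurations that no Auto Scaling Group references.

# unused_launch_configs ALL USED
#   ALL  - every launch configuration name in the region
#   USED - names referenced by Auto Scaling Groups
# Both are tab/newline-separated, as the AWS CLI prints lists with --output text.
# Names are split on tabs and newlines only, so a name containing spaces survives.
unused_launch_configs() {
  ALL_LC=$1 USED_LC=$2 awk 'BEGIN {
    n = split(ENVIRON["USED_LC"], u, /[\t\n]+/)
    for (i = 1; i <= n; i++) used[u[i]] = 1
    m = split(ENVIRON["ALL_LC"], a, /[\t\n]+/)
    for (i = 1; i <= m; i++)
      if (a[i] != "" && !(a[i] in used) && !seen[a[i]]++) print a[i]
  }'
}

# audit_region REGION: live audit using the two commands from the steps above.
# Returns non-zero if either query fails, so a failed ASG lookup (empty USED list)
# can never make every template look unused.
audit_region() {
  region=$1
  all=$(aws autoscaling describe-launch-configurations --region "$region" \
        --output text \
        --query 'LaunchConfigurations[*].LaunchConfigurationName') || return 1
  used=$(aws autoscaling describe-auto-scaling-groups --region "$region" \
        --output text \
        --query 'AutoScalingGroups[*].LaunchConfigurationName') || return 1
  unused_launch_configs "$all" "$used"
}

# Constructed sample input mirroring the tables in steps 2 and 4. The "None"
# entry stands for an ASG with no launch configuration (for example one built
# from a launch template), which text output prints as None.
SAMPLE_ALL=$(printf 'MyWebLaunchConfig\tMyAppCacheLaunchConfig\tMyAppBackendLaunchConfig')
SAMPLE_USED=$(printf 'MyWebLaunchConfig\tNone\tMyAppBackendLaunchConfig')

unused_launch_configs "$SAMPLE_ALL" "$SAMPLE_USED"
```

Call `audit_region us-east-1` with configured AWS credentials to run the same comparison against a live region, and review the reported names before deleting anything.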

Remediation / Resolution

To remove any unused Auto Scaling Launch Configuration templates, perform the following:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to EC2 dashboard at https://console.aws.amazon.com/ec2/.

03 In the left navigation panel, under AUTO SCALING section, choose Auto Scaling Groups.

04 Select the unused AWS Launch Configuration template that you want to remove (see Audit section part I to identify the right templates).

05 Click on the Actions dropdown button from the dashboard top menu and choose Delete launch configuration command to delete the selected template.

06 In the Delete launch configuration dialog box, review the Launch Configuration template details then click Yes, Delete to confirm the action.

07 Repeat steps no. 4 – 6 to remove other unused Launch Configuration templates available in the current region.

08 Change the AWS region from the navigation bar and repeat the entire process for other regions.

Using AWS CLI

01 Run delete-launch-configuration command (OSX/Linux/UNIX) to delete any orphaned Auto Scaling Launch Configuration templates (see Audit section part II to identify the unused templates). The following command example removes an AWS Launch Configuration template named MyAppCacheLaunchConfig available in the US-East-1 region (the command does not return an output):

aws autoscaling delete-launch-configuration \
	--region us-east-1 \
	--launch-configuration-name MyAppCacheLaunchConfig

02 Repeat step no. 1 to remove other unused Launch Configuration templates available in the selected region.

03 Change the AWS region and repeat the entire process for other regions.

Publication date Aug 30, 2016
