Ensure that none of the Amazon EC2 instances provisioned in your AWS account use an instance type that is blocklisted by your organization. Before the Cloud Conformity engine runs this rule, the list of blocklisted EC2 instance types must be configured in the rule settings on the Cloud Conformity account dashboard.
This rule resolution is part of the Cloud Conformity solution
Setting limits for the instance types used within your organization can help you address internal security compliance and prevent unexpected charges on your AWS bill. Furthermore, blocklisting a small set of EC2 instance types, usually extremely large instance types such as r4.16xlarge or c5d.18xlarge, is much more efficient than having to explicitly permit a large number of allowed types.
Audit
To determine whether any EC2 instances in your AWS account use a blocklisted instance type, perform the following actions:
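One way to run this audit offline over saved `aws ec2 describe-instances --output json` results, collected once per region. This is an added example, not part of the original page or Cloud Conformity's own code. The sample data, the `find_blocklisted` helper and the wildcard matching are assumptions made for illustration.

```python
import fnmatch
import json

# Instance types the page names as typical blocklist entries.
BLOCKLIST = ["r4.16xlarge", "c5d.18xlarge"]

# Constructed sample, shaped like `aws ec2 describe-instances --output json`.
SAMPLE = json.loads("""
{"Reservations": [
  {"Instances": [
    {"InstanceId": "i-0000000000000000a", "InstanceType": "t3.micro",
     "State": {"Name": "running"}},
    {"InstanceId": "i-0000000000000000b", "InstanceType": "r4.16xlarge",
     "State": {"Name": "running"},
     "Tags": [{"Key": "Name", "Value": "batch-worker"}]}]},
  {"Instances": [
    {"InstanceId": "i-0000000000000000c", "InstanceType": "c5d.18xlarge",
     "State": {"Name": "terminated"}},
    {"InstanceId": "i-0000000000000000d", "InstanceType": "c5d.18xlarge",
     "State": {"Name": "stopped"}}]}
]}
""")


def find_blocklisted(describe_output, blocklist, ignore_states=("terminated",)):
    """Return one finding per instance whose type matches the blocklist."""
    findings = []
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            itype = inst.get("InstanceType", "").lower()
            state = inst.get("State", {}).get("Name", "unknown")
            if state in ignore_states:
                continue  # terminated instances cannot be started again
            # Assumption: an entry may be exact or a pattern such as "*.metal".
            match = next((p for p in blocklist
                          if fnmatch.fnmatchcase(itype, p.lower())), None)
            if match is None:
                continue
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            findings.append({"id": inst["InstanceId"], "type": itype,
                             "state": state, "name": tags.get("Name", ""),
                             "rule": match})
    return findings


if __name__ == "__main__":
    for f in find_blocklisted(SAMPLE, BLOCKLIST):
        print("{id}\t{type}\t{state}\t{name}".format(**f))
```

Stopped instances are reported because they can be started again with the same instance type; only terminated ones are skipped by default.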
Remediation / Resolution
To ensure that no EC2 instances are launched within your AWS account using blocklisted instance types, perform the following actions:
Note: Creating a support case to request the instance type restrictions using the AWS cloud API via Command Line Interface (CLI) is not currently supported.
You are auditing:
Check for EC2 Instances with Blocklisted Instance Types
Risk level: High