Logo of Trend Micro

EC2 Instance Counts

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk level: Medium (should be achieved)
Rule ID: EC2-018

Determine if the number of EC2 instances provisioned in your AWS account has reached the limit quota established by your organization for the workload deployed. By default, Cloud Conformity sets a threshold value of 50 for the maximum number of provisioned instances, however, you have the capability to adjust the threshold based on your organization requirements upon enabling this rule.

This rule can help you with the following compliance standards:

  • APRA
  • MAS

This rule can help you work with the AWS Well-Architected Framework

This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS

Security

Monitoring and setting limits for the maximum number of EC2 instances provisioned in your AWS account will help you to manage better your compute power and prevent unexpected charges on your AWS bill in case of auto-scaling misconfiguration or large DDOS attacks.

Note: The threshold for the maximum number of EC2 instances per AWS account set for this guide is 50 (default value).

Audit

To determine the number of EC2 instances currently available in your AWS account, perform the following:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to EC2 dashboard at https://console.aws.amazon.com/ec2/.

03 In the left navigation panel, under INSTANCES section, choose Instances.

04 Check the total number of EC2 instances available in the current AWS region, listed in the top-right section of the dashboard, e.g.

total number of EC2 instances available in the current AWS region

06 Change the AWS region from the navigation bar and repeat step no. 4 for all other regions. If the total number of running EC2 instances provisioned in your AWS account is greater than 50, the recommended threshold was exceeded, therefore you must take action and raise an AWS support case to limit the number of instances based on your requirements (see Remediation/Resolution section).

Using AWS CLI

01 Run describe-instances command (OSX/Linux/UNIX) using custom filtering to list the IDs of all existing EC2 instances currently provisioned in the selected region: 

aws ec2 describe-instances
	--region us-east-1
	--output table
	--query 'Reservations[*].Instances[*].InstanceId'

02 The command output should return a table with the requested instance IDs: 

-------------------------
|   DescribeInstances   |
+-----------------------+
|  i-08c7ec002064cf995  |
|  i-09ba8dfcbc9f8c088  |
|  i-0d807d8ed0892dbca  |
|  ...                  |
|  i-05cd8dfcbc9f8c034  |
|  i-0c117d8ed0892dd8a  |
|  i-0c1b9c55f0892bdc5  |
|  ...                  |
|  i-0455346e06d9425e5  |
|  i-043801b9c55f55f5c  |
|  i-0b9cdfa00d01f7d0b  |
+-----------------------+

03 Repeat step no. 1 and 2 to perform the process for all other AWS regions. Each command output should return a table with the instance IDs available in the selected region. Each table row returned represents an individual EC2 instance. If the total number of rows in all your tables is greater than 50 (combined), the recommended limit threshold was exceeded, therefore you must take action and raise an AWS support case to limit the number of EC2 instances that can be provisioned in your account.

Remediation / Resolution

To raise an AWS support case to limit the number of provisioned EC2 instances based on your requirements, perform the following:

Note: Requesting a limit for the number of EC2 instances per region using the AWS API via Command Line Interface (CLI) is not currently supported.

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to AWS Support Center page at http://aws.amazon.com/contact-us/ec2-request/.

03 On the Create Case support page, perform the following:

  1. Under Regarding, select Service Limit Increase.
  2. Choose EC2 Instances from the Limit Type dropdown list.
  3. In the Request section, perform the following actions:
    • Select the AWS region where the EC2 limit is required from the Region dropdown list.
    • Select the appropriate EC2 instance type from the Primary Instance Type dropdown list.
    • Select Instance Limit from the Limit dropdown list.
    • In the New limit value box, enter the limit value to request for the selected instance type.
  4. To limit the number of EC2 instances for other instance types, click the Add another request button to add as many requests as needed and repeat step c.
  5. In the Use Case Description textbox, enter a small description where you explain the limit request so AWS support can evaluate your case.
  6. Under Contact method, select a preferred contact method that AWS support team can use to respond to your request.
  7. Click Submit to send the limit request to AWS. A customer support representative will contact you shortly.

References

Publication date Jun 23, 2016

Related EC2 rules

Unlock the Remediation Steps

Gain free unlimited access
to our full Knowledge Base

Over 750 rules & best practices
for AWS and Azure

You are auditing:

EC2 Instance Counts

Risk level: Medium