Logo of Trend Micro

EC2 Instance Generation

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk level: Medium (should be achieved)
Rule ID: EC2-029

Ensure that all servers available in your AWS account are using the latest generation of EC2 instances to get the best performance with lower costs.

This rule can help you work with the AWS Well-Architected Framework

This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS

Performance
efficiency
Cost
optimisation

Using the current (latest) generation of EC2 instances instead of the previous generation has multiple advantages such as better hardware performance (faster CPUs, increased memory and network throughput), better virtualization technology (HVM) and lower costs. If you are currently using any EC2 instances from the previous generation, we highly recommend upgrading these instances with their latest generation equivalents.

Audit

The following table will help you to identify any previous generation instance type in use:

EC2 Instance Family Previous Generation Instance Types
General purpose m1.small | m1.medium | m1.large | m1.xlarge | m3.medium | m3.large | m3.xlarge | m3.2xlarge
Compute optimized c1.medium | c1.xlarge | cc2.8xlarge | c3.large | c3.xlarge | c3.2xlarge | c3.4xlarge | c3.8xlarge
Memory optimized m2.xlarge | m2.2xlarge | m2.4xlarge | cr1.8xlarge | r3.large | r3.xlarge | r3.2xlarge | r3.4xlarge | r3.8xlarge
Storage optimized i2.xlarge | i2.2xlarge | i2.4xlarge | i2.8xlarge | hs1.8xlarge
GPU instances g2.2xlarge | g2.8xlarge
Micro instances t1.micro

To determine if there are any EC2 instances from the previous generation currently available in your AWS account, perform the following:

Using AWS Console

01Login to the AWS Management Console.

02 Navigate to EC2 dashboard at https://console.aws.amazon.com/ec2/.

03 In the navigation panel, under Instances section, click Instances.

04 Select the EC2 instance that you need to examine.

05 Select the Description tab from the bottom panel.

06 And check the selected Instance type parameter value:

Check the selected Instance type parameter value

to determine if the instance is using a previous generation configuration type like the ones listed in the table.

07 Repeat step no. 4, 5 and 6 for each EC2 instance available in the current region. Change the AWS region from the navigation bar:

Change the AWS region from the navigation bar

to repeat the process for the other regions. To upgrade the instance type to its latest generation equivalent, see Remediation / Resolution section.

Using AWS CLI

01 Run describe-instances command (OSX/Linux/UNIX) to expose the configuration type for each EC2 instance available in the selected region: 

aws ec2 describe-instances
	--region us-east-1
	--output table
	--query 'Reservations[*].Instances[*].InstanceType'

02 The command output should return a table with all the instance types available in the selected region: 

|DescribeInstances|
+-----------------+
|  m1.medium      |
|  t1.micro       |
|  m3.medium      |
+-----------------+

If one or more instance types returned match the previous generation types (consult the Audit section table), we highly recommend to upgrade these instances.

Remediation / Resolution

The following table will help you choose the current generation equivalent instance type for your EC2 instances, during the upgrade (resize) process:

Previous Generation Instance Types Current Generation Instance Types
m1.small | m1.medium | m1.large | m1.xlarge | m3.medium | m3.large | m3.xlarge | m3.2xlarge t2.small | t2.medium | t2.large | t2.xlarge | m5.large | m5.large | m5.xlarge | m5.2xlarge
c1.medium | c1.xlarge | cc2.8xlarge | c3.large | c3.xlarge | c3.2xlarge | c3.4xlarge | c3.8xlarge c5.large | c5.xlarge | r4.2xlarge | c5.large | c5.xlarge | c5.2xlarge | c5.4xlarge | c5a.8xlarge
m2.xlarge | m2.2xlarge | m2.4xlarge | cr1.8xlarge | r3.large | r3.xlarge | r3.2xlarge | r3.4xlarge | r3.8xlarge r4.xlarge | r4.2xlarge | r4.4xlarge | r4.8xlarge | r4.large | r4.xlarge | r4.2xlarge | r4.4xlarge | r4.8xlarge
i2.xlarge | i2.2xlarge | i2.4xlarge | i2.8xlarge | hs1.8xlarge i3.xlarge | i3.2xlarge | i3.4xlarge | i3.8xlarge | d2.4xlarge
g2.2xlarge | g2.8xlarge g3.4xlarge | g3.8xlarge
t1.micro t2.micro

To upgrade your previous generation instances to their latest generation equivalents, perform the following: (!) Important note: the following process assumes that the EC2 instances selected for upgrade are NOT currently used in production or for critical operations. To upgrade (resize) production instances without any downtime, you should create a snapshot of your current image and launch a new instance from that snapshot using the required (latest generation) type.

Using AWS Console

01 Login to the AWS Management Console.

02 Navigate to EC2 dashboard at https://console.aws.amazon.com/ec2/.

03 In the navigation panel, under Instances section, click Instances.

04 Select the EC2 instance that you need to upgrade.

05 Click Actions button from the dashboard top menu, select Instance State, then select Stop.

06 In the Stop Instances dialog box, review the action details and click Yes, Stop to stop the instance.

07 Click Actions button from the dashboard top menu, select Instance Settings, then select Change Instance Type (this action is disabled if the selected instance is not currently stopped).

08 In the Change Instance Type dialog box, perform the following:

  1. From the Instance Type dropdown list, select the recommended equivalent instance type (consult Remediation/Resolution table). If the equivalent instance type is not available in the dropdown list, then its type is not compatible with your instance current configuration because of the virtualization type incompatibility (PV or HVM) or the virtual network where your instance was launched (VPC or EC2-Classic).
  2. (Optional) Select EBS-optimized to enable EBS optimization or deselect EBS-optimized to disable EBS optimization. This feature provides dedicated throughput to your AWS EBS volumes for best I/O performance (additional charges apply).
  3. Click Apply to upgrade (resize) the instance.

09 Click Actions button from the dashboard top menu, select Instance State, then select Start.

10 In the Start Instances dialog box, click Yes, Start to restart the instance. The instance booting process and its system checks may take few minutes.

11 Repeat step no. 4 - 10 for each EC2 instance that requires the upgrade, available in your AWS region. Change the AWS region from the navigation bar:

Change the AWS region from the navigation bar

to repeat the process for the other regions.

Using AWS CLI

01 Run describe-instances command (OSX/Linux/UNIX) to expose the ID of each EC2 instance available in the selected region: 

aws ec2 describe-instances
	--region us-east-1
	--output table
	--query 'Reservations[*].Instances[*].InstanceId'

02 The command output should return a table with all instances IDs available in the selected region: 

|DescribeInstances|
+-----------------+
|  i-4c50fdd1     |
|  i-2eb01cb3     |
|  i-45bd05cd     |
+-----------------+

03 Run describe-instance-attribute command (OSX/Linux/UNIX) using each EC2 instance ID returned to expose the instance type. The following example utilizes an EC2 instance with the ID i-4c50fdd1: 

aws ec2 describe-instance-attribute
	--region us-east-1
	--instance-id i-4c50fdd1
	--attribute instanceType

04 The command output should return the instance current type: 

{
    "InstanceId": "i-4c50fdd1",
    "InstanceType": {
        "Value": "m1.medium"
    }
}

05 If the selected instance requires the upgrade, run stop-instances command (OSX/Linux/UNIX) using its ID to stop it (it may take few minutes until the instance enters the stopped state): 

aws ec2 stop-instances
	--instance-ids i-4c50fdd1

06 Run modify-instance-attribute command (OSX/Linux/UNIX) to resize the selected instance to the recommended equivalent type (m3.medium in this case). If successful, no output is returned for the command: 

aws ec2 modify-instance-attribute
	--instance-id i-4c50fdd1
	--instance-type "{\"Value\": \"m3.medium\"}"

07 Run again describe-instance-attribute command (OSX/Linux/UNIX) to make sure that the instance type has been changed to the current generation type: 

aws ec2 describe-instance-attribute
	--region us-east-1
	--instance-id i-4c50fdd1
	--attribute instanceType

08 The command output should return the new type name for the resized instance: 

{
    "InstanceId": "i-4c50fdd1",
    "InstanceType": {
        "Value": "m3.medium"
    }
}

09 Run start-instances command (OSX/Linux/UNIX) to start the EC2 instance (it may take few minutes until the instance enters the running state): 

aws ec2 start-instances
	--instance-ids i-4c50fdd1

10 Wait 5 minutes then run describe-instance-status command (OSX/Linux/UNIX) to determine the instance current status. If the InstanceState name is running and the SystemStatus / InstanceStatus status is ok, the upgrade process has been successfully implemented: 

{
    "InstanceStatuses": [
        {
            "InstanceId": "i-4c50fdd1",
            "InstanceState": {
                "Code": 16,
                "Name": "running"
            },
            "AvailabilityZone": "us-east-1a",
            "SystemStatus": {
                "Status": "ok",
                "Details": [
                    {
                        "Status": "passed",
                        "Name": "reachability"
                    }
                ]
            },
            "InstanceStatus": {
                "Status": "ok",
                "Details": [
                    {
                        "Status": "passed",
                        "Name": "reachability"
                    }
                ]
            }
        }
    ]
}

References

Publication date Apr 20, 2016

Related EC2 rules

Unlock the Remediation Steps

Gain free unlimited access
to our full Knowledge Base

Over 750 rules & best practices
for AWS and Azure

You are auditing:

EC2 Instance Generation

Risk level: Medium