Ensure that your AWS EC2 instances are using the appropriate tenancy model, i.e. Multi-Tenant Hardware (shared) or Single-Tenant Hardware (dedicated), in order to comply with your organization's regulatory and security requirements. Based on these tenancy models, AWS provides two types of instances: Shared Instances, which run on shared hardware where the isolation from other tenants is logical, and Dedicated Instances/Dedicated Hosts, which run on single-tenant hardware where the isolation is physical. Cloud Conformity strongly recommends using EC2 Dedicated Instances or Dedicated Hosts if regulatory and security requirements prohibit your organization's data from being physically stored on shared hardware.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Using the right tenancy model for your EC2 instances should reduce the concerns around security at the instance hypervisor level and promote better compliance.

Note: Not all EC2 instance types are eligible for the dedicated tenancy model. To verify whether your EC2 instance type can be launched in a dedicated hardware environment, consult the current AWS documentation at https://aws.amazon.com/ec2/purchasing-options/dedicated-instances/.
To determine the type of tenancy, shared or dedicated, used by your EC2 instances, perform the following:
To recreate/re-launch your running EC2 instances with the required tenancy, perform the following:

Note: You can launch or re-launch EC2 Dedicated Instances within both dedicated and non-dedicated VPCs by setting the instance tenancy type to "dedicated" during the launch process.
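The tenancy audit described above and the re-launch with dedicated tenancy, as an added Python example that is not Cloud Conformity's or AWS's own code: it assumes the ec2:DescribeInstances response shape returned by boto3, treats both Dedicated Instances ("dedicated") and Dedicated Hosts ("host") as single-tenant, and uses constructed placeholder instance, AMI, subnet and security-group ids.

```python
# Both "dedicated" (Dedicated Instances) and "host" (Dedicated Hosts) mean
# single-tenant hardware; "default" means shared hardware.
SINGLE_TENANT = {"dedicated", "host"}
IGNORED_STATES = {"terminated", "shutting-down"}  # already gone: not findings

def shared_tenancy_instances(response):
    """Return [(instance_id, tenancy, state)] for instances on shared hardware,
    given an ec2:DescribeInstances response (one page is fine)."""
    findings = []
    for reservation in response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            state = inst.get("State", {}).get("Name", "")
            if state in IGNORED_STATES:
                continue
            # A missing Placement.Tenancy means the default (shared) tenancy.
            tenancy = inst.get("Placement", {}).get("Tenancy", "default")
            if tenancy not in SINGLE_TENANT:
                findings.append((inst["InstanceId"], tenancy, state))
    return findings

def dedicated_relaunch_params(inst):
    """run_instances arguments that re-create `inst` with dedicated tenancy,
    keeping its AMI, type (which must support dedicated tenancy), subnet and
    security groups. Per-instance tenancy works in both dedicated and default VPCs."""
    return {"ImageId": inst["ImageId"], "InstanceType": inst["InstanceType"],
            "SubnetId": inst["SubnetId"], "MinCount": 1, "MaxCount": 1,
            "SecurityGroupIds": [sg["GroupId"] for sg in inst.get("SecurityGroups", [])],
            "Placement": {"Tenancy": "dedicated"}}

def audit_region(region_name):
    """Live check of one region (needs boto3 and ec2:DescribeInstances rights)."""
    import boto3  # imported lazily so the offline functions need no SDK
    ec2 = boto3.client("ec2", region_name=region_name)
    findings = []
    for page in ec2.get_paginator("describe_instances").paginate():
        findings.extend(shared_tenancy_instances(page))
    return findings

# Constructed sample response; all ids are placeholders.
SAMPLE_RESPONSE = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa", "ImageId": "ami-0example", "InstanceType": "m5.large",
     "SubnetId": "subnet-0example", "SecurityGroups": [{"GroupId": "sg-0example"}],
     "Placement": {"Tenancy": "default"}, "State": {"Name": "running"}},
    {"InstanceId": "i-0bbb", "Placement": {"Tenancy": "dedicated"}, "State": {"Name": "running"}},
    {"InstanceId": "i-0ccc", "Placement": {"Tenancy": "host"}, "State": {"Name": "stopped"}},
    {"InstanceId": "i-0ddd", "Placement": {"Tenancy": "default"}, "State": {"Name": "terminated"}}]}]}

if __name__ == "__main__":
    for iid, tenancy, state in shared_tenancy_instances(SAMPLE_RESPONSE):
        print(f"{iid}: tenancy={tenancy} ({state}) -> re-launch with dedicated tenancy")
```

Only the running or stopped instance with "default" tenancy is reported; the dedicated-host instance and the terminated instance are not findings.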