Enable AWS EC2 Hibernation
Cloud Conformity allows you to automate the auditing process of this resolution page. Register for a 14 day evaluation and check your compliance level for free!
Start a Free Trial Product features
Cloud Conformity allows you to automate the auditing process of this resolution page. Register for a 14 day evaluation and check your compliance level for free!
Start a Free Trial Product featuresEnable hibernation as an additional stop behavior for your EC2 instances backed by Amazon EBS in order to reduce the time it takes for these instances to return to service at restart. This feature can be useful for certain application workloads, as hibernation stops the EC2 instance and saves the contents of the instance's RAM memory to the root volume. Hibernation feature is only available for Amazon EC2 On-Demand and Reserved Instances.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Your applications can take tens of minutes to preload or warm up when relying on caches and other RAM memory-centric components, and this service delay can force you to over-provision in case you need incremental compute capacity very quickly. With EC2 hibernation enabled, you can maintain your Amazon EC2 instances in a "pre-warmed" state so these can get to a productive state faster.
Note: Hibernation is currently supported by EC2 instances running Amazon Linux AMI version 1, that use the following instance types: M3, M4, M5, C3, C4, C5, R3, R4 and R5. Also, to make use of Hibernation feature, the EBS root volume attached to the instance must be encrypted to ensure protection of sensitive data in memory as this gets copied to the root volume.
To determine if Hibernation feature is enabled for your EBS-backed EC2 instances, perform the following actions:
01 Sign in to AWS Management Console.
02 Navigate to EC2 dashboard at https://console.aws.amazon.com/ec2/.
03 In the navigation panel, under INSTANCES, click Instances.
04 Select the AWS EC2 instance that you want to examine.
05 Select the Description tab from the dashboard bottom panel.
06 In the left column, check the Stop - Hibernation behavior attribute value. If the verified value (status) is set to Disabled, the Hibernation feature is not enabled for the selected Amazon EC2 EBS-backed instance.
07 Repeat steps no. 4 – 6 to check the Hibernation feature status for other Amazon EC2 instances launched in the current region.
08 Change the AWS region from the navigation bar and repeat steps no. 4 – 7 for other regions.
01 Run describe-instances command (OSX/Linux/UNIX) using custom query filters to list the IDs of all EC2 instances currently available in the selected AWS region:
aws ec2 describe-instances --region us-east-1 --output table --query 'Reservations[*].Instances[*].InstanceId'
02 The command output should return a table with the requested EC2 instance identifiers:
------------------------- | DescribeInstances | +-----------------------+ | i-0aabbccdd12341234 | | i-0abcabcabc1234567 | | i-01234567abcabcabc | +-----------------------+
03 Run describe-instances command (OSX/Linux/UNIX) using the ID of the instance that you want to examine as identifier and custom filtering to determine whether the selected EC2 instance is enabled for hibernation:
aws ec2 describe-instances --region us-east-1 --instance-ids i-0aabbccdd12341234 --query "Reservations[*].Instances[*].HibernationOptions.Configured | []"
04 The command output should return the Hibernation feature status (true for enabled, false for disabled):
[
false
]
05 Repeat step no. 3 and 4 to verify the Hibernation feature status for other Amazon EC2 instances launched in the selected region.
06 Change the AWS region by updating the --region command parameter value and repeat steps no. 1 – 5 to perform the entire audit process for other regions.
Amazon EC2 does not currently support enabling hibernation on an existing instance (running or stopped). To hibernate your instance, make sure that prerequisites are met. To enable the feature, you have to re-launch the EC2 instance and configure hibernation at launch. To re-create the necessary AWS EC2 instance with hibernation enabled, perform the following actions:
01 Sign in to AWS Management Console.
02 Navigate to EC2 dashboard at https://console.aws.amazon.com/ec2/.
03 In the navigation panel, under INSTANCES, click Instances.
04 Select the EC2 instance that you want to re-launch (see Audit section part I to identify the right EC2 resource).
05 Click the Actions dropdown button from the dashboard top menu, select Image and click Create Image.
06 Inside Create Image dialog box, provide the following information:
07 Once the AMI is ready, use it to re-launch the selected Amazon EC2 instance with Hibernation feature enabled. To launch the instance, perform the following:
08 Once you have verified the new Amazon EC2 instance, replace the source instance with the new EC2 instance within your cloud application environment.
09 To make use of Hibernation feature, choose the newly created instance, click the Actions dropdown button, select Instance State and click Stop – Hibernate. Within Stop – Hibernate Instances dialog box, click Yes, Stop – Hibernate to confirm the action.
10 (Optional) Terminate the source instance in order to stop incurring charges for the compute resource. To shut down the instance, perform the following actions:
11 Repeat steps no. 4 – 10 to enable Hibernation feature for other Amazon EC2 instances provisioned in the current region.
12 Change the AWS region from the navigation bar and repeat steps no. 4 – 11 for other regions.
01 Run create-image command (OSX/Linux/UNIX) to create an image from the source EC2 instance (see Audit section part II to identify the right resource). The source instance is the one with Hibernation feature disabled. Include --no-reboot command parameter to guarantee the file system integrity for your new AWS AMI:
aws ec2 create-image --region us-east-1 --instance-id i-0aabbccdd12341234 --name "AMI for source EC2 instance (without hibernation enabled)" --description "Application Stack Amazon Machine Image" --no-reboot
02 The command output should return the ID of the new AWS AMI:
{
"ImageId": "ami-0abcdabcd12341234"
}
03 Execute run-instances command (OSX/Linux/UNIX) to launch a new Amazon EC2 instance from the image created at the previous steps. The following command example creates an EC2 instance with Hibernation feature enabled, using an Amazon Machine Image (AMI) with the ID ami-abcd1234. Set --hibernation-options parameter to Configured=true to enable the feature during the launch process:
aws ec2 run-instances --region us-east-1 --image-id ami-0abcdabcd12341234 --count 1 --instance-type c4.large --key-name ssh-secure-key --security-groups web-app-sg --hibernation-options Configured=true
04 The command output should return the new EC2 instance configuration metadata:
{
"Instances": [
{
"PublicDnsName": "",
"EbsOptimized": false,
"LaunchTime": "2019-02-10T12:01:42.000Z",
"PrivateIpAddress": "172.11.10.80",
"ProductCodes": [],
"VpcId": "vpc-abcdabcd",
"CpuOptions": {
"CoreCount": 1,
"ThreadsPerCore": 2
},
"StateTransitionReason": "",
...
"InstanceId": "i-0abcd1234abcd1234",
"ImageId": "ami-01234123412341234",
"KeyName": "ssh-secure-key",
"Hypervisor": "xen",
"Architecture": "x86_64",
"RootDeviceType": "ebs",
"RootDeviceName": "/dev/xvda",
"VirtualizationType": "hvm",
"HibernationOptions": {
"Configured": true
}
}
],
"ReservationId": "r-0aabbccdd12341234",
"Groups": [],
"OwnerId": "123456789012"
}
05 After you have verified the new Amazon EC2 instance, replace the source instance with the new EC2 instance within your application environment.
06 To make use of hibernation, run stop-instances command (OSX/Linux/UNIX) using the ID of the newly created instance as identifier to get the specified Amazon EC2 instance into the hibernation state:
aws ec2 stop-instances --region us-east-1 --instance-ids i-0abcd1234abcd1234 --hibernate
07 The command output should return the command request metadata:
{
"StoppingInstances": [
{
"InstanceId": "i-0abcd1234abcd1234",
"CurrentState": {
"Code": 64,
"Name": "stopping"
},
"PreviousState": {
"Code": 16,
"Name": "running"
}
}
]
}
08 (Optional) You can safely terminate the source instance in order to stop incurring charges for it. To shut down the source EC2 instance run terminate-instances command (OSX/Linux/UNIX) using the instance ID as identifier:
aws ec2 terminate-instances --instance-ids i-0aabbccdd12341234
09 The command output should return the shutdown request metadata:
{
"TerminatingInstances": [
{
"InstanceId": "i-0aabbccdd12341234",
"CurrentState": {
"Code": 32,
"Name": "shutting-down"
},
"PreviousState": {
"Code": 16,
"Name": "running"
}
}
]
}
10 Repeat steps no. 1 – 9 to enable Hibernation feature for other Amazon EC2 instances provisioned in the selected region.
11 Change the AWS region by updating the --region command parameter value and repeat steps no. 1 – 10 for other regions.
Whether your AWS exploration is just starting to take shape, you’re mid-way through a migration or you’re already running complex workloads in the cloud, Cloud Conformity offers full visibility of your infrastructure and provides continuous assurance it’s secure, optimized and compliant.
Chat with us to set up your onboarding session and start a free trial.
Let’s Chat