Check for orphaned EC2 instances to make sure that every instance is launched within an AWS Auto Scaling Group, which helps improve the availability and scalability of your web applications during instance failures or denial-of-service attacks (DoS, DDoS).
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
As good practice, every EC2 instance should be launched inside an AWS Auto Scaling Group. To achieve zero downtime, Cloud Conformity recommends attaching an Elastic Load Balancer (ELB) to the Auto Scaling Group (ASG), so that ELB health checks can be used in combination with the ASG to identify unhealthy instances and cycle them out automatically. This auto-scaling configuration can also help maintain the resiliency and availability of your applications during DDoS attacks by scaling to absorb the attacks.
To identify any orphaned EC2 Instances (i.e. instances that don't belong to any ASG), perform the following:
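The same check can be scripted. The Python below is an added example, not part of the Cloud Conformity procedure: it compares the parsed JSON output of `aws ec2 describe-instances` with that of `aws autoscaling describe-auto-scaling-instances` and reports every instance that no ASG manages. The function name, the sample instance IDs and the choice to skip terminated instances while still reporting stopped ones are assumptions made for the example.

```python
"""Find EC2 instances that belong to no Auto Scaling Group (orphans)."""

# Assumption: instances in these states are no longer live workloads, so skip them.
IGNORED_STATES = {"shutting-down", "terminated"}


def find_orphaned_instances(ec2_pages, asg_pages):
    """Return sorted (instance_id, state, name) tuples for instances outside any ASG.

    ec2_pages: list of parsed `aws ec2 describe-instances` responses.
    asg_pages: list of parsed `aws autoscaling describe-auto-scaling-instances`
               responses. Lists allow every page of a paginated result to be passed.
    """
    # Every instance ID that some Auto Scaling Group currently manages.
    managed = {
        inst["InstanceId"]
        for page in asg_pages
        for inst in page.get("AutoScalingInstances", [])
    }
    orphans = []
    for page in ec2_pages:
        for reservation in page.get("Reservations", []):
            for inst in reservation.get("Instances", []):
                state = inst.get("State", {}).get("Name", "unknown")
                if state in IGNORED_STATES or inst["InstanceId"] in managed:
                    continue
                tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
                orphans.append((inst["InstanceId"], state, tags.get("Name", "")))
    return sorted(orphans)


# Constructed sample data (not real resources), trimmed to the fields used above.
SAMPLE_EC2 = [{"Reservations": [
    {"Instances": [
        {"InstanceId": "i-0aaa0000000000001", "State": {"Name": "running"},
         "Tags": [{"Key": "Name", "Value": "web-asg-node"}]},
        {"InstanceId": "i-0aaa0000000000002", "State": {"Name": "running"},
         "Tags": [{"Key": "Name", "Value": "legacy-batch"}]}]},
    {"Instances": [
        {"InstanceId": "i-0aaa0000000000003", "State": {"Name": "stopped"}},
        {"InstanceId": "i-0aaa0000000000004", "State": {"Name": "terminated"}}]},
]}]
SAMPLE_ASG = [{"AutoScalingInstances": [
    {"InstanceId": "i-0aaa0000000000001", "AutoScalingGroupName": "web-asg",
     "LifecycleState": "InService"}]}]

if __name__ == "__main__":
    for instance_id, state, name in find_orphaned_instances(SAMPLE_EC2, SAMPLE_ASG):
        print(f"orphaned: {instance_id} state={state} name={name or '-'}")
```

Run it per region, since both API calls are regional.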
To deploy a running EC2 instance into an AWS auto-scaling configuration using Auto Scaling Groups (ASGs) and Elastic Load Balancers (ELBs) for high reliability and security, perform the following: