EC2 Instance Tenancy
More Info:
EC2 instances should have the required tenancy for security and regulatory compliance requirements.Risk Level
LowAddress
SecurityCompliance Standards
CBPTriage and Remediation
Remediation
Using Console
Using Console
EC2 Instance Tenancy refers to the physical host on which your EC2 instance runs. It can be either a shared tenancy or a dedicated tenancy. If the instance tenancy is set to default, it means that it is running on a shared host. To remediate this misconfiguration, follow the below steps:
- Login to your AWS console.
- Navigate to the EC2 dashboard.
- Select the EC2 instance for which you want to remediate the misconfiguration.
- Click on the “Actions” button and select “Instance Settings”.
- Select “Change Tenancy” from the drop-down menu.
- Choose the “Dedicated” option and click on “Apply”.
- Review the changes and click on “Confirm”.
- Your instance will be stopped and started again on a dedicated host.
Using CLI
Using CLI
The EC2 instance tenancy refers to the type of hardware on which your EC2 instances will run. There are two types of tenancy: shared and dedicated. Shared tenancy means that your instances will run on hardware that is shared with other AWS customers, while dedicated tenancy means that your instances will run on hardware that is dedicated to your account. Here’s how to remediate this issue for AWS using AWS CLI:This command will list all instances along with their tenancy status.Replace Replace Replace
- Identify the EC2 instances that are using shared tenancy by running the following command:
- Stop the instance(s) that are using shared tenancy by running the following command:
<instance-id> with the ID of the instance that you want to stop.- Modify the instance(s) to use dedicated tenancy by running the following command:
<instance-id> with the ID of the instance that you want to modify.- Start the instance(s) that you stopped in step 2 by running the following command:
<instance-id> with the ID of the instance that you want to start.- Verify that the instance(s) are now using dedicated tenancy by running the command in step 1 again. The Tenancy column should now show “dedicated” for the affected instance(s).
Using Python
Using Python
The EC2 instance tenancy configuration refers to how the instance is placed on the underlying hardware of the host. There are two types of tenancy - shared and dedicated. Shared tenancy means that the instance is placed on hardware that is shared with other instances, while dedicated tenancy means that the instance is placed on hardware that is dedicated to it.To remediate this misconfiguration for AWS using Python, you can use the AWS SDK for Python (boto3) to modify the instance tenancy configuration. Here are the steps:This should return ‘dedicated’ if the tenancy configuration has been successfully updated.Note: You will need appropriate permissions to modify the instance tenancy configuration.
- Install boto3 using the following command:
- Import the boto3 library and create an EC2 client object:
- Use the
modify_instance_attributemethod to modify the instance tenancy configuration. You will need to specify the instance ID and the tenancy type that you want to set. For example, to set the tenancy to dedicated, you can use the following code:
- Verify that the tenancy configuration has been updated by using the
describe_instancesmethod to retrieve the instance details: