EC2 Instances Should Not Reach vCPU Limit
More Info:
Monitoring vCPU-based limits for on-demand EC2 instances avoids resource starvation. Service Quotas is an AWS service that enables you to view and manage your quotas from a central location. Quotas, also referred to as limits, are the maximum value for your resources, actions, and items in your AWS account.
Risk Level
Medium
Address
Operational Maturity, Reliability
Compliance Standards
AWSWAF
Triage and Remediation
Remediation
To remediate the misconfiguration “EC2 Instances Should Not Reach vCPU Limit” in AWS using the AWS console, follow the below steps:
- Open the AWS Management Console and navigate to the EC2 dashboard.
- Select the EC2 instance that is reaching the vCPU limit.
- Click on the “Actions” button and select “Instance Settings” and then click on “Change Instance Type”.
- Select a larger instance type that provides more vCPUs than the current instance type.
- Review the changes and click on “Apply”.
- Once the instance type is changed, the instance will have more vCPUs and the vCPU limit will no longer be reached.
Alternatively, you can also use AWS Auto Scaling to automatically adjust the instance type based on the resource utilization of the instance. This will ensure that the instance always has enough vCPUs and other resources to handle the workload.
To remediate the EC2 instances reaching vCPU limit misconfiguration in AWS using AWS CLI, follow the below steps:
Step 1: Log in to the AWS Management Console.
Step 2: Open the AWS CLI on your local machine.
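Step 3: Use the below command to list the running EC2 instances together with the CPU options that determine their vCPU count:
aws ec2 describe-instances --filters Name=instance-state-name,Values=running --query 'Reservations[].Instances[].{InstanceID:InstanceId, Type:InstanceType, Cores:CpuOptions.CoreCount, ThreadsPerCore:CpuOptions.ThreadsPerCore}'
This command displays each running instance with its core count and threads per core. An instance's vCPU count is the product of the two, and it is the total across running instances that counts toward the vCPU limit.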
Step 4: Stop the EC2 instances that have reached the vCPU limit using the below command:
aws ec2 stop-instances --instance-ids <instance-id>
Replace <instance-id> with the actual instance ID of the instance that you want to stop.
Step 5: Modify the instance type of the stopped instances using the below command:
aws ec2 modify-instance-attribute --instance-id <instance-id> --instance-type <new-instance-type>
Replace <instance-id> with the actual instance ID of the instance that you want to modify, and <new-instance-type> with the desired instance type.
Step 6: Start the modified EC2 instances using the below command:
aws ec2 start-instances --instance-ids <instance-id>
Replace <instance-id> with the actual instance ID of the instance that you want to start.
By following these steps, you can remediate the EC2 instances reaching vCPU limit misconfiguration in AWS using AWS CLI.
To remediate the EC2 Instances reaching vCPU limit misconfiguration in AWS using Python, you can follow the below steps:
Step 1: Identify the EC2 instances which are reaching vCPU limit using the boto3 library in Python.
import boto3
# Create EC2 client
ec2 = boto3.client('ec2')
# Get all running EC2 instances (paginated, so large accounts are fully covered)
paginator = ec2.get_paginator('describe_instances')
pages = paginator.paginate(Filters=[{'Name': 'instance-state-name', 'Values': ['running']}])
total_vcpus = 0
for page in pages:
    for reservation in page['Reservations']:
        for instance in reservation['Instances']:
            cpu = instance.get('CpuOptions', {})
            # vCPUs of an instance = cores x threads per core
            vcpus = cpu.get('CoreCount', 0) * cpu.get('ThreadsPerCore', 0)
            total_vcpus += vcpus
            print(instance['InstanceId'], instance['InstanceType'], vcpus)
# The vCPU limit is compared against this total, not against a single instance
print('vCPUs in use by running instances:', total_vcpus)
Step 2: Stop and start the EC2 instances which are reaching the vCPU limit to remediate the misconfiguration.
# Stop the instance, wait until it has fully stopped, then start it again
instance_id = '<instance-id>'  # replace with the actual instance ID
ec2.stop_instances(InstanceIds=[instance_id])
ec2.get_waiter('instance_stopped').wait(InstanceIds=[instance_id])
ec2.start_instances(InstanceIds=[instance_id])
By following the above steps, you can remediate the EC2 Instances reaching vCPU limit misconfiguration in AWS using Python.
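The quota described under More Info is counted across an account's running On-Demand instances in a Region, so detecting this finding means comparing the vCPUs in use with the value held in Service Quotas. The following is an added example, not code from the original page: it assumes quota code L-1216C47A (Running On-Demand Standard instances), a hypothetical 80% warning threshold, and a simplified mapping of instance families to that quota; the sample data is constructed.

```python
STANDARD_LETTERS = set("acdhimrtz")  # families A, C, D, H, I, M, R, T, Z
OWN_QUOTA_PREFIXES = ("inf", "trn", "dl", "hpc", "mac")  # assumption: tracked by other quotas
QUOTA_CODE = "L-1216C47A"  # Running On-Demand Standard instances, in vCPUs

def counts_toward_quota(inst):
    """True for pending/running On-Demand instances in a Standard family."""
    itype = inst["InstanceType"].lower()
    if inst["State"]["Name"] not in ("pending", "running") or inst.get("InstanceLifecycle") == "spot":
        return False  # stopped instances and Spot capacity are not counted here
    return itype[0] in STANDARD_LETTERS and not itype.startswith(OWN_QUOTA_PREFIXES)

def vcpus_in_use(reservations):
    """Sum cores x threads per core over describe_instances reservations."""
    total = 0
    for reservation in reservations:
        for inst in reservation["Instances"]:
            if counts_toward_quota(inst):
                cpu = inst["CpuOptions"]
                total += cpu["CoreCount"] * cpu["ThreadsPerCore"]
    return total

def quota_status(used, quota, warn_ratio=0.8):
    """warn_ratio is a hypothetical alerting threshold, not an AWS value."""
    if used >= quota:
        return "AT_LIMIT"
    return "WARN" if used >= warn_ratio * quota else "OK"

def check_region(region):
    """Live check; needs boto3, credentials and read access to EC2 and Service Quotas."""
    import boto3
    pages = boto3.client("ec2", region_name=region).get_paginator("describe_instances").paginate()
    reservations = [r for page in pages for r in page["Reservations"]]
    quota = boto3.client("service-quotas", region_name=region).get_service_quota(
        ServiceCode="ec2", QuotaCode=QUOTA_CODE)["Quota"]["Value"]
    used = vcpus_in_use(reservations)
    return used, quota, quota_status(used, quota)

def _inst(itype, state, cores, threads, **extra):
    return {"InstanceType": itype, "State": {"Name": state},
            "CpuOptions": {"CoreCount": cores, "ThreadsPerCore": threads}, **extra}

SAMPLE = [{"Instances": [  # constructed, shaped like describe_instances output
    _inst("m5.2xlarge", "running", 4, 2),                          # counted: 8 vCPUs
    _inst("t3.micro", "stopped", 1, 2),                            # skipped: not running
    _inst("c5.large", "running", 1, 2, InstanceLifecycle="spot"),  # skipped: Spot
    _inst("inf1.xlarge", "running", 2, 2),                         # skipped: own quota
    _inst("c6g.4xlarge", "running", 16, 1)]}]                      # counted: 16 vCPUs

if __name__ == "__main__":
    print(vcpus_in_use(SAMPLE), quota_status(vcpus_in_use(SAMPLE), quota=28))
```

Run `check_region("<region>")` against a real account to obtain the live usage, quota and status for that Region.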