Termination Protection Should Be Enabled
More Info:
Ensures that the Termination Protection feature is enabled for EC2 instances that are not part of Auto Scaling groups (ASGs).
Risk Level
Low
Address
Reliability, Security
Compliance Standards
CBP
Triage and Remediation
Remediation
To remediate the Termination Protection Should Be Enabled misconfiguration in AWS using the AWS console, follow these steps:
- Log in to the AWS Management Console.
- Navigate to the EC2 Dashboard.
- Select the instance that you want to enable termination protection for.
- Click on the “Actions” button and select “Instance Settings”.
- Click on “Change Termination Protection”.
- Select the “Enable” option and click “Save”.
- A confirmation message will appear indicating that termination protection has been enabled.
- Repeat steps 3-7 for each instance that needs termination protection enabled.
By following these steps, you will have successfully remediated the Termination Protection Should Be Enabled misconfiguration for your AWS environment.
To remediate the misconfiguration “Termination Protection Should Be Enabled” for an EC2 instance in AWS using the AWS CLI, follow the steps below:
- Open the AWS CLI on your local machine.
- Run the following command to enable termination protection for an EC2 instance:

  ```shell
  aws ec2 modify-instance-attribute --instance-id <instance-id> --disable-api-termination
  ```

  Replace `<instance-id>` with the ID of the EC2 instance for which you want to enable termination protection. Note that the attribute is named for what it disables: `--disable-api-termination` turns termination protection on, whereas `--no-disable-api-termination` turns it off.
- Verify that termination protection is enabled for the instance by running the following command:

  ```shell
  aws ec2 describe-instance-attribute --instance-id <instance-id> --attribute disableApiTermination
  ```

  If the output shows `"Value": true` under `DisableApiTermination`, termination protection is enabled for the instance; `"Value": false` means it is still disabled.
- Repeat the above steps for all the EC2 instances in your AWS account to ensure that termination protection is enabled for all of them.
Note: Enabling termination protection is a safety measure to prevent accidental termination of instances. However, it should not be used as a substitute for proper backup and disaster recovery planning.
The following steps can be followed to remediate the “Termination Protection Should Be Enabled” misconfiguration in AWS using Python:
- Import the necessary libraries:

  ```python
  import boto3
  ```

- Create an EC2 client:

  ```python
  ec2 = boto3.client('ec2')
  ```

- Get a list of all in-scope instances. The results are paginated, and instances that are already terminated or that belong to an Auto Scaling group (which this check excludes) are skipped:

  ```python
  instances = []
  for page in ec2.get_paginator('describe_instances').paginate():
      for reservation in page['Reservations']:
          for instance in reservation['Instances']:
              # Skip terminated instances and instances managed by EC2 Auto Scaling
              tags = instance.get('Tags', [])
              if instance['State']['Name'] == 'terminated' or \
                 any(t['Key'] == 'aws:autoscaling:groupName' for t in tags):
                  continue
              instances.append(instance['InstanceId'])
  ```

- Enable termination protection for each instance:

  ```python
  for instance_id in instances:
      ec2.modify_instance_attribute(InstanceId=instance_id,
                                    DisableApiTermination={'Value': True})
  ```

This will enable termination protection for all instances in your AWS account that are not part of an Auto Scaling group.
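The remediation above assumes you already know which instances fail the check. The detection side, a function that takes DescribeInstances-style data plus the `disableApiTermination` attribute of each instance and returns the ones that are in scope (not terminated, not in an ASG) and unprotected, is shown below as an added example. It is not code from the page's author or from AWS; the sample reservations, instance IDs, tags and attribute values are constructed to mirror the shape of the EC2 API responses, and `audit_account` is a hypothetical live variant that needs boto3, credentials and the `ec2:DescribeInstances` / `ec2:DescribeInstanceAttribute` permissions.

```python
"""Detect EC2 instances, outside Auto Scaling groups, that lack termination
protection. Added example: the sample data below is constructed, not real."""

from typing import Callable, Iterable

# Tag that EC2 Auto Scaling places on every instance it launches.
ASG_TAG_KEY = "aws:autoscaling:groupName"

# Constructed DescribeInstances-style reservations (instance IDs are made up).
SAMPLE_RESERVATIONS = [
    {"Instances": [
        {"InstanceId": "i-0aaa000000000001", "State": {"Name": "running"},
         "Tags": [{"Key": "Name", "Value": "web-1"}]},
        {"InstanceId": "i-0aaa000000000002", "State": {"Name": "running"},
         "Tags": [{"Key": ASG_TAG_KEY, "Value": "web-asg"}]},
    ]},
    {"Instances": [
        {"InstanceId": "i-0aaa000000000003", "State": {"Name": "terminated"},
         "Tags": []},
        {"InstanceId": "i-0aaa000000000004", "State": {"Name": "stopped"},
         "Tags": []},
    ]},
]

# Constructed map of instance ID -> DisableApiTermination value, standing in
# for DescribeInstanceAttribute(..., Attribute="disableApiTermination").
SAMPLE_ATTRIBUTES = {
    "i-0aaa000000000001": False,
    "i-0aaa000000000002": False,
    "i-0aaa000000000003": False,
    "i-0aaa000000000004": True,
}


def in_auto_scaling_group(instance: dict) -> bool:
    """True if the instance carries the Auto Scaling group tag."""
    return any(t.get("Key") == ASG_TAG_KEY for t in instance.get("Tags", []))


def candidate_instances(reservations: Iterable[dict]) -> list[str]:
    """IDs the check applies to: not terminated and not managed by an ASG."""
    ids = []
    for reservation in reservations:
        for instance in reservation.get("Instances", []):
            if instance.get("State", {}).get("Name") == "terminated":
                continue
            if in_auto_scaling_group(instance):
                continue
            ids.append(instance["InstanceId"])
    return ids


def find_unprotected(reservations: Iterable[dict],
                     attribute_lookup: Callable[[str], bool]) -> list[str]:
    """Return in-scope instance IDs whose DisableApiTermination is not True."""
    return [iid for iid in candidate_instances(reservations)
            if not attribute_lookup(iid)]


def audit_sample() -> list[str]:
    """Run the check against the constructed sample data."""
    return find_unprotected(SAMPLE_RESERVATIONS, SAMPLE_ATTRIBUTES.__getitem__)


def audit_account(region: str = "us-east-1") -> list[str]:
    """Hypothetical live variant of the same check using boto3 (assumed name;
    needs credentials plus ec2:DescribeInstances and ec2:DescribeInstanceAttribute)."""
    import boto3  # imported here so the offline sample runs without boto3

    ec2 = boto3.client("ec2", region_name=region)
    pages = ec2.get_paginator("describe_instances").paginate()
    reservations = [r for page in pages for r in page["Reservations"]]

    def lookup(instance_id: str) -> bool:
        attr = ec2.describe_instance_attribute(
            InstanceId=instance_id, Attribute="disableApiTermination")
        return attr["DisableApiTermination"]["Value"]

    return find_unprotected(reservations, lookup)


if __name__ == "__main__":
    # Only i-0aaa000000000001 is running, outside an ASG and unprotected.
    print("Unprotected instances in sample data:", audit_sample())
```

In the sample data only the first instance is reported: the second is excluded because it carries the Auto Scaling tag, the third is terminated, and the fourth already has `DisableApiTermination` set to `true`. The IDs returned by `find_unprotected` are exactly the ones to feed to the `modify-instance-attribute` remediation above.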