AWS Introduction
AWS Pricing
AWS Threats
AWS Misconfigurations
- Getting Started with AWS Audit
- Permissions required for Misconfigurations Detection
- API Gateway Audit
- Cloudformation Audit
- CloudFront Audit
- CloudTrail Audit
- Cloudwatch Audit
- DynamoDB Audit
- EC2 Audit
- Elastic Search Audit
- ELB Audit
- IAM Audit
- KMS Audit
- Kubernetes Audit
- Lambda Audit
- RDS Audit
- Redshift Audit
- Route53 Audit
- S3 Audit
- Security Groups Audit
- SES Audit
- SNS Audit
- IAM Deep Dive
- App Sync Audit
- Code Build Audit
- Open Search Audit
- Shield Audit
- SQS Audit
EC2 Classic Should Not Be Used
More Info:
VPC should be used for EC2 instances instead of using EC2 Classic. VPCs are the latest and more secure method of launching AWS resources.
Risk Level
Low
Address
Security, Reliability, Operational Maturity
Compliance Standards
HIPAA, SOC2, NISTCSF
Triage and Remediation
Remediation
To remediate the EC2 Classic misconfiguration in AWS, follow these steps:
- Login to the AWS Management Console.
- Navigate to the EC2 dashboard.
- In the left-hand navigation menu, select “Classic Wizard”.
- Click on “Launch Instance” to launch a new instance.
- Choose the appropriate AMI and instance type for your needs.
- In the “Configure Instance Details” section, select the VPC that you want to launch the instance in.
- In the “Advanced Details” section, expand the “Network Interfaces” section and select the appropriate subnet.
- Click “Next” to proceed to the “Add Storage” section and configure your storage needs.
- Continue through the remaining configuration steps until you reach the “Review Instance Launch” page.
- Review your instance settings and click “Launch” to launch the instance in your selected VPC.
Note: If you have existing EC2 Classic instances, you should migrate them to a VPC as soon as possible. AWS provides a migration wizard to help with this process.
To remediate the EC2 Classic misconfiguration in AWS using AWS CLI, follow these steps:
-
Open the AWS CLI on your local machine or EC2 instance.
-
Run the following command to describe your VPCs:
aws ec2 describe-vpcs
-
Identify the VPC that you want to use for your EC2 instances.
-
Run the following command to create a new security group in the VPC:
aws ec2 create-security-group --group-name my-security-group --description "My security group" --vpc-id <vpc-id>
Replace <vpc-id> with the ID of the VPC that you want to use.
- Run the following command to authorize inbound traffic to the security group:
aws ec2 authorize-security-group-ingress --group-id <security-group-id> --protocol tcp --port 22 --cidr 0.0.0.0/0
Replace <security-group-id> with the ID of the security group that you created in step 4.
-
Launch your EC2 instance in the VPC that you identified in step 3, and specify the security group that you created in step 4.
-
Verify that your EC2 instance is running in the VPC by running the following command:
aws ec2 describe-instances --instance-ids <instance-id>
Replace <instance-id> with the ID of your EC2 instance.
- Once you have verified that your EC2 instance is running in the correct VPC, terminate any instances that are running in EC2 Classic.
Note: Before terminating any instances, make sure that you have migrated any data or applications to the new VPC.
To remediate the “EC2 Classic Should Not Be Used” misconfiguration in AWS using Python, you can follow the below steps:
- Identify all the EC2 instances in the account that are running in the EC2 Classic environment. You can use the boto3 library to list all the instances and check their VPC ID.
import boto3
ec2_client = boto3.client('ec2')
response = ec2_client.describe_instances(
Filters=[
{
'Name': 'instance-state-name',
'Values': ['running']
}
]
)
for reservation in response['Reservations']:
for instance in reservation['Instances']:
if 'VpcId' not in instance:
# This instance is running in the EC2 Classic environment
# Add remediation steps for this instance
- For each EC2 Classic instance, launch a new instance in a VPC. You can use the
run_instancesmethod of the EC2 client to launch a new instance. Make sure to specify the correct VPC ID and subnet ID in theNetworkInterfacesparameter.
response = ec2_client.run_instances(
ImageId='ami-0c55b159cbfafe1f0',
InstanceType='t2.micro',
KeyName='my-key-pair',
MaxCount=1,
MinCount=1,
NetworkInterfaces=[
{
'DeviceIndex': 0,
'AssociatePublicIpAddress': True,
'SubnetId': 'subnet-12345678',
'Groups': ['sg-0123456789abcdef0'],
'DeleteOnTermination': True
}
]
)
new_instance_id = response['Instances'][0]['InstanceId']
- Once the new instance is launched, you can terminate the old instance running in the EC2 Classic environment. You can use the
terminate_instancesmethod of the EC2 client to terminate an instance.
ec2_client.terminate_instances(
InstanceIds=['i-0123456789abcdef0']
)
- Repeat steps 2 and 3 for all the EC2 Classic instances in the account.
Note: Before implementing any remediation steps, it is recommended to test them in a non-production environment and ensure that they do not cause any unintended side effects.