EC2 Classic Should Not Be Used
More Info:
VPC should be used for EC2 instances instead of using EC2 Classic. VPCs are the latest and more secure method of launching AWS resources.Risk Level
LowAddress
Security, Reliability, Operational MaturityCompliance Standards
HIPAA, SOC2, NISTCSFTriage and Remediation
Remediation
Using Console
Using Console
To remediate the EC2 Classic misconfiguration in AWS, follow these steps:
- Login to the AWS Management Console.
- Navigate to the EC2 dashboard.
- In the left-hand navigation menu, select “Classic Wizard”.
- Click on “Launch Instance” to launch a new instance.
- Choose the appropriate AMI and instance type for your needs.
- In the “Configure Instance Details” section, select the VPC that you want to launch the instance in.
- In the “Advanced Details” section, expand the “Network Interfaces” section and select the appropriate subnet.
- Click “Next” to proceed to the “Add Storage” section and configure your storage needs.
- Continue through the remaining configuration steps until you reach the “Review Instance Launch” page.
- Review your instance settings and click “Launch” to launch the instance in your selected VPC.
Using CLI
Using CLI
To remediate the EC2 Classic misconfiguration in AWS using AWS CLI, follow these steps:Replace Replace Replace
- Open the AWS CLI on your local machine or EC2 instance.
- Run the following command to describe your VPCs:
- Identify the VPC that you want to use for your EC2 instances.
- Run the following command to create a new security group in the VPC:
<vpc-id> with the ID of the VPC that you want to use.- Run the following command to authorize inbound traffic to the security group:
<security-group-id> with the ID of the security group that you created in step 4.- Launch your EC2 instance in the VPC that you identified in step 3, and specify the security group that you created in step 4.
- Verify that your EC2 instance is running in the VPC by running the following command:
<instance-id> with the ID of your EC2 instance.- Once you have verified that your EC2 instance is running in the correct VPC, terminate any instances that are running in EC2 Classic.
Using Python
Using Python
To remediate the “EC2 Classic Should Not Be Used” misconfiguration in AWS using Python, you can follow the below steps:
- Identify all the EC2 instances in the account that are running in the EC2 Classic environment. You can use the boto3 library to list all the instances and check their VPC ID.
- For each EC2 Classic instance, launch a new instance in a VPC. You can use the
run_instancesmethod of the EC2 client to launch a new instance. Make sure to specify the correct VPC ID and subnet ID in theNetworkInterfacesparameter.
- Once the new instance is launched, you can terminate the old instance running in the EC2 Classic environment. You can use the
terminate_instancesmethod of the EC2 client to terminate an instance.
- Repeat steps 2 and 3 for all the EC2 Classic instances in the account.