Avoid Using Paravirtual EC2 Instance Types - Rule
This rule states that Paravirtual EC2 instance types should not be used. Ensure compliance to enhance security measures.
| Rule | Paravirtual EC2 instance types should not be used |
| Framework | AWS Foundational Security Best Practices |
| Severity | ✔ Medium |
Rule Description:
Paravirtual EC2 instance types should not be used for AWS Foundational Security Best Practices.
Description:
Paravirtual EC2 instances are an older generation of instances that utilize a different virtualization technology compared to the newer HVM (Hardware Virtual Machine) instances. The AWS Foundational Security Best Practices recommend using HVM instances for improved security and performance.
Troubleshooting steps:
If you identify that your EC2 instances are running on paravirtual virtualization, you can follow these troubleshooting steps to migrate to HVM instances:
- 1.
Identify the current instance type:
- From the AWS Management Console, navigate to the EC2 service.
- Select the instance in question.
- Check the "Instance Type" column to see if it is listed as a paravirtual instance.
- 2.
Check compatibility:
- Ensure that the desired HVM instance types you want to migrate to are supported by your operating system and applications.
- 3.
Snapshot or backup important data:
- Before migrating, it is strongly recommended to create a snapshot or backup of your data to ensure no loss of critical information during the migration process.
- 4.
Migrate to HVM instance:
- Stop the paravirtual instance.
- Create an Amazon Machine Image (AMI) from the stopped instance.
- Launch a new instance using the HVM-compatible AMI.
- Update any necessary configurations and ensure the proper working of your applications.
- 5.
Verify the new instance:
- Confirm that the new HVM instance is running correctly and that all applications and services are functioning as expected.
- 6.
Optional - Terminate the old instance:
- Once you have verified the new HVM instance, you can terminate the old paravirtual instance to avoid any unnecessary costs.
Necessary codes:
There are no specific codes provided as the migration process involves standard EC2 management tasks through the AWS Management Console or AWS CLI.
Remediation steps:
Follow these step-by-step commands to remediate the issue using AWS CLI:
- 1.
Identify the current instance type:
aws ec2 describe-instances --instance-ids <instance-id> --query 'Reservations[*].Instances[*].[InstanceId, InstanceType]' - 2.
Check compatibility:
- Confirm that the desired HVM instance types are compatible with your operating system and applications.
- 3.
Migrate to HVM instance:
Stop the paravirtual instance:
aws ec2 stop-instances --instance-ids <instance-id>Create an Amazon Machine Image (AMI) from the stopped instance:
aws ec2 create-image --instance-id <instance-id> --name "New HVM AMI" --description "AMI for HVM instance migration"Launch a new instance using the HVM-compatible AMI:
aws ec2 run-instances --image-id <new-ami-id> --instance-type <hvm-instance-type> --key-name <key-pair-name>Update any necessary configurations and ensure the proper working of your applications.
- 4.
Verify the new instance:
- Confirm that the new HVM instance is running correctly and that all applications and services are functioning as expected.
- 5.
Optional - Terminate the old instance:
- Once you have verified the new HVM instance, you can terminate the old paravirtual instance to avoid any unnecessary costs:
aws ec2 terminate-instances --instance-ids <instance-id>
By following the above steps, you can migrate from paravirtual EC2 instance types to HVM instances, aligning with AWS Foundational Security Best Practices.