Rule: EC2 Instance Should Have EBS Optimization Enabled
This rule ensures that EC2 instances have EBS optimization enabled for performance.
| Rule | EC2 instance should have EBS optimization enabled |
| Framework | CISA-cyber-essentials |
| Severity | ✔ High |
Rule Description
The rule requires that the EC2 instances in the CISA-cyber-essentials environment should have Elastic Block Store (EBS) optimization enabled. EBS optimization enhances the performance of EBS volumes attached to EC2 instances by minimizing network latency and maximizing throughput, resulting in improved overall instance performance.
Troubleshooting Steps
If EBS optimization is not enabled for an EC2 instance, follow these troubleshooting steps:
- 1.
Verify EBS Optimization Status: Check the current status of EBS optimization for the EC2 instance. You can do this by viewing the instance details either in the AWS Management Console or by using the AWS CLI/API.
- 2.
Review Instance Type Compatibility: Ensure that the EC2 instance type being used supports EBS optimization. Not all instance types are capable of utilizing this feature. Refer to the AWS documentation to validate if the instance type is EBS-optimized.
- 3.
Check EBS Volume Type: Confirm that the EBS volumes attached to the EC2 instance are eligible for EBS optimization. EBS optimization is available only for certain types of EBS volumes (e.g., General Purpose SSD, Provisioned IOPS SSD). Verify the volume type and make any necessary adjustments.
- 4.
Check EBS Optimization Settings: Review the EC2 instance settings to determine if EBS optimization is enabled or disabled. If disabled, enable EBS optimization to achieve better performance. This can be done both through the console or by using the AWS CLI/API.
- 5.
Validate Network Configuration: Ensure that the network configuration for the EC2 instance is correct and properly optimized. Check for any network-related issues that may impact the performance of EBS volumes and take necessary corrective actions.
Necessary Codes
No specific codes are required for this rule.
Step-by-Step Guide for Remediation
Follow these steps to enable EBS optimization for an EC2 instance in the CISA-cyber-essentials environment:
- 1.
Step 1: Open the AWS Management Console.
- 2.
Step 2: Go to the EC2 service.
- 3.
Step 3: Select the desired EC2 instance from the instances list.
- 4.
Step 4: Click on the "Actions" button.
- 5.
Step 5: From the dropdown menu, select "Modify Instance Attribute".
- 6.
Step 6: In the "Modify Instance" window, scroll down to the "EBS Optimization" section.
- 7.
Step 7: Check the box next to "Enable" to enable EBS optimization.
- 8.
Step 8: Click "Save" to apply the changes.
- 9.
Step 9: Monitor the instance after enabling EBS optimization to ensure improved performance.
Note: If you prefer to use the AWS CLI or API to enable EBS optimization, you can use the
modify-instance-attribute--ebs-optimizedConclusion
Enabling EBS optimization for EC2 instances in the CISA-cyber-essentials environment enhances the performance of EBS volumes. By following the troubleshooting steps and remediation guide outlined above, you can ensure that EBS optimization is enabled, providing optimal performance for your EC2 instances.