This rule ensures that EC2 instances have EBS optimization enabled to improve performance.
Rule | EC2 instance should have EBS optimization enabled |
Framework | CISA-cyber-essentials |
Severity | ✔ High |
EC2 Instance EBS Optimization for CISA Cyber Essentials
AWS's Elastic Block Store (EBS) optimization features enable EC2 instances to achieve better performance by providing dedicated bandwidth to EBS volumes. Following the Cybersecurity and Infrastructure Security Agency (CISA) Cyber Essentials, EBS optimization might be required to ensure that systems operate securely and efficiently.
Rule Description
When launching EC2 instances that support EBS optimization, you should have this feature enabled. This setting ensures that the communication between your EC2 instance and attached EBS volumes is optimized, providing dedicated throughput for I/O operations, which is important for performance consistency and can aid in protection against certain types of resource starvation that might be exploited in a cyber-attack.
Troubleshooting Steps
If EBS optimization is not enabled, or you are not experiencing the expected performance, follow these steps:
Check EBS Optimization Support: Use the DescribeInstanceTypes API or refer to the AWS documentation for supported instances.
Check Current EBS Optimization Status: Use the DescribeInstances command.
Verify Performance Metrics:
Necessary Commands
Check EBS Optimization Support
aws ec2 describe-instance-types --instance-types <instance-type>
Check Current EBS Optimization Status
aws ec2 describe-instances --instance-ids <instance-id> --query "Reservations[].Instances[].EbsOptimized"
Enable EBS Optimization
aws ec2 modify-instance-attribute --instance-id <instance-id> --ebs-optimized
Remediation Steps
If your instance supports EBS optimization but it's not enabled, you can enable it by following these steps:
aws ec2 stop-instances --instance-ids <instance-id>
aws ec2 modify-instance-attribute --instance-id <instance-id> --ebs-optimized
aws ec2 start-instances --instance-ids <instance-id>
Please be mindful that enabling EBS optimization can result in additional charges, and it is not reversible; once enabled, it cannot be disabled.
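The check described above can be evaluated offline from the JSON that the two describe commands return. The following is an added example, not part of the original rule or of any AWS tooling; the sample data is constructed, and the status labels, the `evaluate` function and the `r9.example` instance type are assumptions made for illustration.

```python
# Constructed sample data in the shape returned by the AWS CLI (trimmed).
SAMPLE_TYPES = {"InstanceTypes": [
    {"InstanceType": "t2.micro", "EbsInfo": {"EbsOptimizedSupport": "unsupported"}},
    {"InstanceType": "c3.xlarge", "EbsInfo": {"EbsOptimizedSupport": "supported"}},
    {"InstanceType": "m5.large", "EbsInfo": {"EbsOptimizedSupport": "default"}},
]}
SAMPLE_INSTANCES = {"Reservations": [
    {"Instances": [
        {"InstanceId": "i-0000000000000000a", "InstanceType": "t2.micro",
         "EbsOptimized": False, "State": {"Name": "running"}},
        {"InstanceId": "i-0000000000000000b", "InstanceType": "c3.xlarge",
         "EbsOptimized": False, "State": {"Name": "running"}},
    ]},
    {"Instances": [
        {"InstanceId": "i-0000000000000000c", "InstanceType": "m5.large",
         "EbsOptimized": True, "State": {"Name": "stopped"}},
        # Hypothetical type that is absent from the lookup above.
        {"InstanceId": "i-0000000000000000d", "InstanceType": "r9.example",
         "EbsOptimized": False, "State": {"Name": "running"}},
    ]},
]}

def evaluate(instances_doc, types_doc):
    """Return one finding per instance for the EBS-optimization rule."""
    support = {t["InstanceType"]: t.get("EbsInfo", {}).get("EbsOptimizedSupport")
               for t in types_doc.get("InstanceTypes", [])}
    findings = []
    for reservation in instances_doc.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            level = support.get(inst["InstanceType"])
            if level is None:
                status = "UNKNOWN"          # type not in the lookup: do not guess
            elif level == "unsupported":
                status = "NOT_APPLICABLE"   # rule only covers types that support it
            elif inst.get("EbsOptimized", False):
                status = "COMPLIANT"
            else:
                status = "NON_COMPLIANT"
            running = inst.get("State", {}).get("Name") == "running"
            findings.append({
                "id": inst["InstanceId"], "type": inst["InstanceType"], "status": status,
                # The remediation above stops the instance before modifying it.
                "stop_first": status == "NON_COMPLIANT" and running,
            })
    return findings

if __name__ == "__main__":
    for f in evaluate(SAMPLE_INSTANCES, SAMPLE_TYPES):
        print(f["id"], f["type"], f["status"], "stop-first" if f["stop_first"] else "")
```

To use it on real data, load the saved JSON output of `aws ec2 describe-instances` and `aws ec2 describe-instance-types` in place of the two sample dictionaries.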