
Rule: EC2 Stopped Instances Removal in 30 Days

This rule states that EC2 stopped instances must be deleted within 30 days to maintain compliance.

Rule: EC2 stopped instances should be removed in 30 days
Framework: FedRAMP Low Revision 4
Severity: Low

Rule Description:

For compliance with FedRAMP Low Revision 4, any EC2 instance that has been in the stopped state for more than 30 days should be removed. This rule helps ensure that stopped instances are not retained unnecessarily, reducing the potential security risk of forgotten resources and minimizing the costs associated with unused resources.

Troubleshooting Steps (if applicable):

If instances are not being automatically removed after being stopped for 30 days, you can follow these troubleshooting steps:

  1. Verify the AWS account permissions: Ensure that the user or role performing this task has the necessary permissions to manage EC2 instances, such as ec2:TerminateInstances.

  2. Check the instance state: Determine whether the instance has been in the stopped state for more than 30 days. You can use the AWS Management Console, AWS CLI, or AWS SDKs to check the instance state.

  3. Check the instance termination protection: Confirm that termination protection is not enabled for the instance. If termination protection is enabled, the instance cannot be terminated until the protection is disabled.

  4. Ensure the instance is not part of an Auto Scaling group: Instances associated with an Auto Scaling group cannot be terminated individually. If the instance in question is part of an Auto Scaling group, you may need to modify the Auto Scaling group configuration or delete the Auto Scaling group entirely.

Necessary Code (if applicable):

No specific code is required for this rule.

Step-by-Step Guide for Remediation:

To remove an EC2 instance that has been stopped for more than 30 days, follow these steps:

  1. Identify the instance: Use the AWS Management Console, AWS CLI, or AWS SDKs to identify the EC2 instance that has been stopped for more than 30 days.

  2. Verify termination protection (optional): If termination protection is enabled for the instance, you will need to disable it before proceeding. To disable termination protection, follow these steps:

    • Open the Amazon EC2 console.
    • In the navigation pane, choose "Instances".
    • Select the instance that needs termination protection disabled.
    • Choose "Actions", then "Instance Settings", and then "Change Termination Protection".
    • Disable termination protection and click "Save".

  3. Terminate the instance: Once you have confirmed that termination protection is disabled (if applicable), proceed with terminating the instance. To terminate the instance, follow these steps:

    • Open the Amazon EC2 console.
    • In the navigation pane, choose "Instances".
    • Select the instance that needs to be terminated.
    • Choose "Actions", then "Instance State", and then "Terminate".
    • Confirm the termination when prompted.

  4. Verify termination: After initiating the termination, verify that the instance has been successfully removed. This can be done by checking the instance state in the AWS Management Console or using the AWS CLI.

Repeat these steps for any other EC2 instances that have been stopped for more than 30 days and need to be removed.
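Step 1 (identifying instances stopped for more than 30 days) can be automated over the JSON that `aws ec2 describe-instances --filters Name=instance-state-name,Values=stopped` returns. The script below is an added example, not part of this rule page or Cloud Defense's tooling; it assumes the `StateTransitionReason` field carries the stop time in the form "User initiated (YYYY-MM-DD HH:MM:SS GMT)", and the sample output and instance IDs are constructed. Termination protection (step 2) is not visible in this output and must still be checked separately before terminating.

```python
"""Flag EC2 instances that have been stopped for more than 30 days.

Input is the JSON shape returned by `aws ec2 describe-instances`.
"""
import json
import re
from datetime import datetime, timezone

MAX_STOPPED_DAYS = 30

# Assumption: for a stopped instance, StateTransitionReason looks like
# "User initiated (2024-01-03 09:15:42 GMT)"; this regex extracts the timestamp.
_REASON_RE = re.compile(r"\((\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) GMT\)")


def stopped_since(instance):
    """Return the UTC time the instance entered 'stopped', or None if unknown/not stopped."""
    if instance.get("State", {}).get("Name") != "stopped":
        return None
    match = _REASON_RE.search(instance.get("StateTransitionReason", ""))
    if not match:
        return None  # stopped, but the stop time cannot be parsed: review manually
    return datetime.strptime(match.group(1), "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)


def find_stale_stopped(describe_output, now, max_days=MAX_STOPPED_DAYS):
    """Return [(instance_id, days_stopped)] for instances stopped longer than max_days."""
    stale = []
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            since = stopped_since(inst)
            if since is None:
                continue
            days = (now - since).days
            if days > max_days:
                stale.append((inst["InstanceId"], days))
    return stale


# Constructed sample in the describe-instances shape; instance IDs are placeholders.
SAMPLE = json.loads("""{"Reservations": [{"Instances": [
 {"InstanceId": "i-0aaaaaaaaaaaaaaa1", "State": {"Name": "stopped"},
  "StateTransitionReason": "User initiated (2024-01-03 09:15:42 GMT)"},
 {"InstanceId": "i-0bbbbbbbbbbbbbbb2", "State": {"Name": "stopped"},
  "StateTransitionReason": "User initiated (2024-02-20 18:00:00 GMT)"},
 {"InstanceId": "i-0ccccccccccccccc3", "State": {"Name": "running"},
  "StateTransitionReason": ""}]}]}""")
REFERENCE_NOW = datetime(2024, 3, 1, tzinfo=timezone.utc)  # constructed "today" for the sample

if __name__ == "__main__":
    for instance_id, days in find_stale_stopped(SAMPLE, REFERENCE_NOW):
        print(f"{instance_id}: stopped {days} days, exceeds the {MAX_STOPPED_DAYS}-day limit")
```

Only the first sample instance is reported (stopped 57 days); the second has been stopped 9 days and the third is running, so neither is flagged.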

Note: Terminating an instance will permanently delete all associated data. Make sure to back up any essential data before proceeding with termination.

By following this rule and regularly removing stopped instances, you can maintain compliance with FedRAMP Low Revision 4 and ensure efficient resource utilization within your AWS environment.
