Rule: EC2 Stopped Instances Should Be Removed in 30 Days

This rule ensures that any stopped instances in EC2 are removed within 30 days to maintain system efficiency.

Rule: EC2 stopped instances should be removed in 30 days
Framework: GxP 21 CFR Part 11
Severity: Low

Rule Description:

According to GxP 21 CFR Part 11 guidelines, any stopped EC2 instances should be removed within a period of 30 days. This rule ensures compliance with the regulatory requirements related to electronic records and signatures in the life sciences industry.

The purpose of this rule is to prevent unauthorized access to sensitive information stored within EC2 instances and ensure that all instances are actively managed and properly accounted for. Removing stopped instances within the specified timeframe reduces security risks and helps maintain the integrity of electronic records in GxP-regulated environments.

Troubleshooting Steps (if applicable):

If any instances have been stopped for more than 30 days, follow the troubleshooting steps below:

  1. Identify the stopped instances: Use the AWS Management Console or AWS CLI to identify the EC2 instances in your account that are currently in a stopped state.

  2. Check the stopped instance creation date: Determine the creation date of each identified stopped instance to validate if it has been stopped for more than 30 days.

  3. Review instance metadata: Check the tags or metadata associated with the instances to verify if they are subject to GxP 21 CFR Part 11 compliance and applicable retention policies.

  4. Determine the reason for stopping the instances: Assess if there were any valid reasons for stopping the instances, such as planned maintenance or temporary shutdowns. Make sure these reasons are properly documented.

  5. Evaluate the potential risks: Assess the potential security risks associated with the prolonged downtime of the instances. Take into consideration the sensitivity of the data stored within the instances and any potential impact on compliance.

  6. Decide on appropriate action: Depending on the evaluation of risks and compliance requirements, decide whether to terminate the instances or bring them back into operation.

Necessary Code (if applicable):

No specific code is required for this rule as it is a policy and compliance-related requirement. However, you could use the following AWS CLI command to list all stopped instances:

aws ec2 describe-instances --filters Name=instance-state-name,Values=stopped

This command will provide details of all stopped instances in your AWS account.
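The following is an added example, not part of the original rule page: it filters the JSON output of the command above down to instances stopped for more than 30 days. It assumes the stop time is taken from the StateTransitionReason field, which EC2 reports as "User initiated (YYYY-MM-DD HH:MM:SS GMT)" for user-initiated stops; the instance IDs and the Compliance tag in the sample are constructed.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample of `describe-instances` JSON output (IDs and tags are made up).
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
 {"InstanceId": "i-0aaaaaaaaaaaaaaa1", "State": {"Name": "stopped"},
  "StateTransitionReason": "User initiated (2024-01-02 08:15:00 GMT)",
  "Tags": [{"Key": "Compliance", "Value": "GxP"}]},
 {"InstanceId": "i-0bbbbbbbbbbbbbbb2", "State": {"Name": "stopped"},
  "StateTransitionReason": "User initiated (2024-02-20 17:40:00 GMT)"},
 {"InstanceId": "i-0ccccccccccccccc3", "State": {"Name": "stopped"},
  "StateTransitionReason": ""},
 {"InstanceId": "i-0ddddddddddddddd4", "State": {"Name": "running"},
  "StateTransitionReason": ""}
]}]}
""")

STOP_TIME = re.compile(r"\((\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) GMT\)")

def stopped_since(instance):
    """Parse the UTC stop time out of StateTransitionReason; None if absent."""
    match = STOP_TIME.search(instance.get("StateTransitionReason") or "")
    if match is None:
        return None
    parsed = datetime.strptime(match.group(1), "%Y-%m-%d %H:%M:%S")
    return parsed.replace(tzinfo=timezone.utc)

def overdue_instances(describe_output, now, max_days=30):
    """Return (overdue, unknown): overdue holds (id, days_stopped, tags)."""
    overdue, unknown = [], []
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") != "stopped":
                continue
            since = stopped_since(inst)
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            if since is None:
                unknown.append(inst["InstanceId"])  # needs manual review
            elif now - since > timedelta(days=max_days):
                overdue.append((inst["InstanceId"], (now - since).days, tags))
    return overdue, unknown

if __name__ == "__main__":
    now = datetime(2024, 3, 1, tzinfo=timezone.utc)  # fixed date for the sample
    overdue, unknown = overdue_instances(SAMPLE, now)
    for instance_id, days, tags in overdue:
        print(f"{instance_id} stopped {days} days, tags={tags}")
    print("no stop timestamp, review manually:", unknown)
```

describe-instances returns results for one region per call, so feed the output for each region in use through the same check. Instances that land in the unknown list have no parseable stop time and need their stop date established another way before a decision is made.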

Step-by-Step Guide for Remediation:

To remediate the non-compliance with the rule, follow the step-by-step guide below:

  1. Identify stopped instances: Use the AWS Management Console or AWS CLI to identify all stopped EC2 instances in your account.

  2. Analyze instance creation date: Review the creation date of each stopped instance to determine if it has been stopped for more than 30 days.

  3. Determine compliance applicability: Check the tagging or metadata of the instances to verify if they are subject to GxP 21 CFR Part 11 compliance and fall under the 30-day removal policy.

  4. Validate the stoppage reason: Evaluate the reasons behind stopping each instance and document any valid justifications for the shutdown.

  5. Assess security risks: Calculate the potential security risks associated with extended downtime of the instances, considering the sensitivity of data stored and the compliance implications.

  6. Decide on instance action: Based on the risks and compliance requirements, decide whether to terminate the instances or bring them back online.

    • Terminate Instances: If instances are no longer needed or pose significant security risks, terminate them using the following command:

      aws ec2 terminate-instances --instance-ids INSTANCE_ID1 INSTANCE_ID2 ...

    • Restart Instances: If instances are required and the stoppage reason was temporary, restart them using either the AWS Management Console or the following CLI command:

      aws ec2 start-instances --instance-ids INSTANCE_ID1 INSTANCE_ID2 ...

  7. Document the remediation: Record all actions taken, including termination or restart of instances, along with the reasons and justifications.

By following the above step-by-step guide, you can ensure compliance with GxP 21 CFR Part 11 guidelines regarding the removal of stopped EC2 instances within 30 days.
