Rule: EC2 instance should have EBS optimization enabled
This rule ensures that EC2 instances have EBS optimization enabled for high performance.
| Rule | EC2 instance should have EBS optimization enabled |
| Framework | GxP EU Annex 11 |
| Severity | ✔ High |
EC2 Instance EBS Optimization for GxP EU Annex 11 Compliance
EBS-optimized instances are designed to deliver optimal performance for Elastic Block Store (EBS) volumes by minimizing contention between EBS I/O and other traffic from your instance. For environments regulated by guidelines such as GxP and the EU's Annex 11, which addresses the integrity of records and systems, it is essential to ensure that EC2 instances meet the required levels of performance and reliability.
Rule Description
EC2 instances that handle critical workloads, especially those subject to GxP and EU Annex 11 regulations, should have EBS optimization enabled. Enabling EBS optimization provides dedicated bandwidth to EBS volumes, which ensures consistent I/O performance and satisfies regulations requiring robust and reliable system performance.
Key Points for the Rule:
- Dedicated throughput between EC2 and EBS
- Consistent I/O performance
- Fulfillment of regulatory requirements for performance reliability
Troubleshooting Steps
If an EC2 instance is not EBS-optimized or if the EBS-optimized throughput to the EC2 instance does not meet expected performance, follow these troubleshooting steps:
- 1.Verify that the EC2 instance supports EBS optimization and if it is enabled.
- 2.Check the instance type because not all instances support EBS optimization.
- 3.Monitor the EC2 instance's I/O performance to ascertain if it is within expected performance levels.
Remediation Steps
Step-by-Step Guide
- 1.
Identify Non-Compliant Instances:
Use AWS CLI to list all instances and their EBS optimization status:
aws ec2 describe-instances --query "Reservations[*].Instances[*].[InstanceId,EbsOptimized]" --output table
- 2.
Enable EBS Optimization:
If EBS optimization is supported but not enabled, modify the instance to enable it:
aws ec2 modify-instance-attribute --instance-id i-xxxxxxxxxxxx --ebs-optimizedReplace
with the instance ID of the EC2 instance you wish to modify.i-xxxxxxxxxxxx
- 3.
Launch New Instances with EBS Optimization:
When creating a new instance, specify EBS optimization:
aws ec2 run-instances --image-id ami-xxxxxxxx --count 1 --instance-type type --ebs-optimized --key-name keypair --security-groups sg-xxxxxxxxReplace
,ami-xxxxxxxx
,type
, andkeypair
with your AMI ID, instance type, key pair, and security group, respectively.sg-xxxxxxxx
CLI Commands
The above remediation steps already include the CLI commands necessary to enable EBS optimization. Ensure that you have the appropriate IAM permissions to execute these commands.
Compliance Standards and Regulations
For any company operating within the scope of GxP and EU Annex 11 regulatory compliance, ensuring that every EC2 instance dealing with critical workloads is EBS-optimized is not only a matter of efficiency but also regulatory compliance. These standards ensure that electronic records are accurate, reliable, and maintained with a high level of integrity. EBS optimization contributes to upholding these standards.
Adhering to the described rule ensures that EC2 instances comply with the necessary regulations and contribute significantly to the robustness of the deployed applications. As such, this rule becomes essential for systems regulated by GxP and EU Annex 11 to avoid audit failures and potential penalties.
By following the precise and detail-oriented process outlined above, you ensure that your EC2 instances remain compliant with GxP EU Annex 11, hence maintaining seamless operations and upholding the integrity required by regulatory standards.