This rule ensures that EC2 instances have EBS optimization enabled for optimal performance and efficiency.
Rule: EC2 instance should have EBS optimization enabled
Framework: HIPAA
Severity: High
Rule Description
EC2 instances should have Elastic Block Store (EBS) optimization enabled in order to comply with HIPAA regulations. EBS optimization improves the performance of Amazon EBS volumes attached to EC2 instances by minimizing latency and increasing throughput.
Troubleshooting Steps
In case EBS optimization is not enabled on an EC2 instance, you can follow the steps below to troubleshoot and resolve the issue:
Verify EBS volume type: Ensure that the attached EBS volume is either gp2 (General Purpose SSD) or io1 (Provisioned IOPS SSD) as these are the only supported volume types for EBS optimization. If the volume type is different, create a new EBS volume with the desired type and attach it to the instance.
Check instance type: Confirm that the EC2 instance type chosen supports EBS optimization. Not all instance types support this feature. Refer to the Amazon EC2 documentation for a list of supported instance types.
Check instance launch configuration: If the instance was launched using an Auto Scaling Group (ASG), verify the ASG launch configuration. The launch configuration should have EBS optimization enabled. If not, create a new launch configuration with EBS optimization enabled and update the ASG to use the new launch configuration.
Check instance metadata: Retrieve the instance metadata using the AWS CLI or EC2 console and check the value of the "ebsOptimized" attribute. If the value is "false", then EBS optimization is not enabled. Proceed with the next steps to enable it.
Necessary Code
If you have identified that EBS optimization is not enabled on an EC2 instance, enable it with the following AWS CLI command (the same operation is available through the SDKs):
aws ec2 modify-instance-attribute --instance-id <instance-id> --ebs-optimized
Replace <instance-id> with the actual ID of the EC2 instance you want to enable EBS optimization for.
Step-by-Step Remediation Guide
Follow the step-by-step guide below to enable EBS optimization on an EC2 instance through the AWS Management Console:
Open EC2 Management Console: Go to the AWS Management Console and navigate to the EC2 service.
Select the EC2 instance: Locate and select the EC2 instance for which you want to enable EBS optimization.
Click "Actions": In the top menu, click on the "Actions" button to open the dropdown menu.
Choose "Instance Settings": From the dropdown menu, choose "Instance Settings" and then click on "View/Modify".
Enable EBS optimization: In the "Instance Settings" window, locate the "EBS Optimization" checkbox and ensure it is selected.
Save the changes: Click on the "Save" button to apply the changes and enable EBS optimization for the selected instance.
Verify EBS optimization: After saving the changes, verify that EBS optimization is enabled for the instance by checking the "ebsOptimized" attribute in the instance details or through the AWS CLI, as described in the troubleshooting steps.
Note: Enabling EBS optimization requires the instance to be stopped and started. Make sure you plan for a maintenance window if the instance is running in a production environment.
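The stop, modify, start and verify sequence described above can be scripted with the AWS CLI. This is an added example, not code from the original page; the function names are hypothetical and it assumes the AWS CLI is installed with credentials and a default region configured.

```shell
#!/bin/sh
# Added example: audit and remediate the ebsOptimized attribute with the AWS CLI.

# Print "InstanceId<TAB>State" for every instance whose EbsOptimized flag is false.
list_non_optimized() {
  aws ec2 describe-instances \
    --query 'Reservations[].Instances[] | [?EbsOptimized==`false`].[InstanceId,State.Name]' \
    --output text
}

# Enable EBS optimization on one instance. The attribute can only be changed
# while the instance is stopped, so a running instance is stopped first and
# started again afterwards. Stop/start discards instance store data and
# releases a non-Elastic public IPv4 address, so schedule it accordingly.
enable_ebs_optimization() {
  id=$1
  state=$(aws ec2 describe-instances --instance-ids "$id" \
    --query 'Reservations[0].Instances[0].State.Name' --output text) || return 1

  case "$state" in
    running)
      aws ec2 stop-instances --instance-ids "$id" >/dev/null || return 1
      aws ec2 wait instance-stopped --instance-ids "$id" || return 1 ;;
    stopped) ;;
    *) echo "$id: unexpected state '$state', skipping" >&2; return 1 ;;
  esac

  # The call fails on instance types without EBS optimization support; remember
  # the result so a previously running instance is restarted either way.
  rc=0
  aws ec2 modify-instance-attribute --instance-id "$id" --ebs-optimized || rc=1

  if [ "$state" = running ]; then
    aws ec2 start-instances --instance-ids "$id" >/dev/null || return 1
    aws ec2 wait instance-running --instance-ids "$id" || return 1
  fi
  [ "$rc" -eq 0 ] || { echo "$id: modify-instance-attribute failed" >&2; return 1; }

  # Verify the attribute; accept either letter case of the boolean in text output.
  value=$(aws ec2 describe-instance-attribute --instance-id "$id" \
    --attribute ebsOptimized --query 'EbsOptimized.Value' --output text) || return 1
  case "$value" in
    [Tt]rue) echo "$id: ebsOptimized=true" ;;
    *) echo "$id: ebsOptimized is still '$value'" >&2; return 1 ;;
  esac
}

# With instance IDs as arguments, remediate each one; with none, only define the functions.
if [ "$#" -gt 0 ]; then
  for arg in "$@"; do enable_ebs_optimization "$arg" || exit 1; done
fi
```

Run `list_non_optimized` first to see which instances need the change and whether each one is currently running.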
By following the above steps, you can ensure that EBS optimization is enabled on the EC2 instance to comply with HIPAA regulations.