Ensure Termination Protection feature is enabled for EC2 instances that are not part of ASGs

Make sure to enable the Termination Protection safety feature for Amazon EC2 instances that are provisioned outside of Auto Scaling Groups (ASGs) to prevent unintended terminations.

Risk Level: High
Cloud Entity: Amazon EC2 Instance
CloudGuard Rule ID: D9.AWS.DR.10
Covered by Spectral: No
Category: Compute

GSL LOGIC

Instance where not autoScalingGroup should have terminationProtectionEnabled=true

REMEDIATION

From Portal

  1. Sign in to AWS Management Console.
  2. Navigate to Amazon EC2 console.
  3. In the navigation panel, under Instances, choose Instances.
  4. Select the Amazon EC2 instance that you want to protect against accidental termination.
  5. Click on the Actions dropdown button from the console top menu, choose Instance settings, and select Change termination protection.
  6. On the Change termination protection configuration page, select the Enable checkbox available under Termination protection to enable the feature. Choose Save to apply the changes.

From TF
To enable Termination Protection, set disable_api_termination on the aws_instance resource (HCL string literals use double quotes):

resource "aws_instance" "example_instance_id" {
	// ... other instance arguments (ami, instance_type, ...) ...
	disable_api_termination = true
	// ...
}

From Command Line
Run the following, replacing INSTANCE_ID with the ID of the instance to protect:

aws ec2 modify-instance-attribute --instance-id INSTANCE_ID --disable-api-termination
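The following Python script is an added example, not part of this rule page or of CloudGuard itself. It implements the GSL logic above as a check a defender can run: an instance counts as ASG-managed when it carries the aws:autoscaling:groupName tag that Auto Scaling applies, and its termination protection state comes from the disableApiTermination attribute (the describe-instances output does not include it, so it must be fetched per instance). The evaluation runs on constructed sample data so it works offline; the live_scan helper (which assumes boto3 and AWS credentials) shows how the same function is fed from a real account. The remediation_commands helper emits the same modify-instance-attribute command shown above for each failing instance.

```python
"""Check EC2 instances outside Auto Scaling Groups for termination protection.

Mirrors the GSL rule:
  Instance where not autoScalingGroup should have terminationProtectionEnabled=true
"""
from typing import Dict, Iterable, List

# Auto Scaling sets this tag on every instance it launches.
ASG_TAG_KEY = "aws:autoscaling:groupName"


def is_asg_member(instance: dict) -> bool:
    """True if the instance carries the ASG-managed tag."""
    return any(t.get("Key") == ASG_TAG_KEY for t in instance.get("Tags", []))


def evaluate(instances: Iterable[dict], protection: Dict[str, bool]) -> List[dict]:
    """Return one finding per non-ASG instance that is not protected.

    `instances` are entries shaped like the Instances list of describe-instances;
    `protection` maps InstanceId to the disableApiTermination attribute value.
    Instances whose attribute was not fetched are reported as UNKNOWN rather
    than silently passed.
    """
    findings = []
    for inst in instances:
        iid = inst["InstanceId"]
        if inst.get("State", {}).get("Name") == "terminated":
            continue  # already gone, nothing left to protect
        if is_asg_member(inst):
            continue  # ASG-managed instances are out of scope for this rule
        protected = protection.get(iid)
        if protected is None:
            findings.append({"InstanceId": iid, "status": "UNKNOWN"})
        elif not protected:
            findings.append({"InstanceId": iid, "status": "FAIL"})
    return findings


def remediation_commands(findings: List[dict]) -> List[str]:
    """Build the CLI remediation line from the page for each failing instance."""
    return [
        f"aws ec2 modify-instance-attribute --instance-id {f['InstanceId']} "
        "--disable-api-termination"
        for f in findings
        if f["status"] == "FAIL"
    ]


def live_scan(region: str) -> List[dict]:
    """Fetch instances and their attribute from a real account (assumes boto3)."""
    import boto3  # imported here so the offline example runs without it

    ec2 = boto3.client("ec2", region_name=region)
    instances = [
        i
        for page in ec2.get_paginator("describe-instances").paginate()
        for r in page["Reservations"]
        for i in r["Instances"]
    ]
    protection = {}
    for inst in instances:
        attr = ec2.describe_instance_attribute(
            InstanceId=inst["InstanceId"], Attribute="disableApiTermination"
        )
        protection[inst["InstanceId"]] = attr["DisableApiTermination"]["Value"]
    return evaluate(instances, protection)


# Constructed sample data: instance IDs and tags are made up for this example.
SAMPLE_INSTANCES = [
    {"InstanceId": "i-0a1b2c3d4e5f60001", "State": {"Name": "running"},
     "Tags": [{"Key": "Name", "Value": "db-primary"}]},          # standalone, unprotected
    {"InstanceId": "i-0a1b2c3d4e5f60002", "State": {"Name": "running"},
     "Tags": [{"Key": ASG_TAG_KEY, "Value": "web-asg"}]},         # ASG member, out of scope
    {"InstanceId": "i-0a1b2c3d4e5f60003", "State": {"Name": "stopped"},
     "Tags": []},                                                 # standalone, protected
    {"InstanceId": "i-0a1b2c3d4e5f60004", "State": {"Name": "running"},
     "Tags": []},                                                 # attribute never fetched
]
SAMPLE_PROTECTION = {
    "i-0a1b2c3d4e5f60001": False,
    "i-0a1b2c3d4e5f60002": False,
    "i-0a1b2c3d4e5f60003": True,
}

if __name__ == "__main__":
    results = evaluate(SAMPLE_INSTANCES, SAMPLE_PROTECTION)
    for finding in results:
        print(finding)
    for cmd in remediation_commands(results):
        print(cmd)
```

On the sample data the first instance is reported as FAIL and the fourth as UNKNOWN; the ASG member is skipped and the protected one passes. Treating a missing attribute as UNKNOWN matters in practice: a scan that could not read the attribute (for example because the scanning role lacks ec2:DescribeInstanceAttribute) should not be mistaken for a clean result. Note also that the attribute only blocks termination through the API and console; it does not stop an ASG scale-in, which is why ASG instances are excluded from this rule.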

References

  1. https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/modify-instance-attribute.html
  2. https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/index.html

Amazon EC2 Instance

Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers.

Compliance Frameworks

  • CloudGuard AWS All Rules Ruleset