Ensure AWS EBS Volumes are attached to instances

Checks for EBS volumes that are not attached to any instance, for example volumes that persist after an EC2 instance has been terminated. Review these volumes regularly, since they may contain sensitive company, application, infrastructure or user data. In addition, removing unattached volumes will lower your AWS bill.

Risk Level: Low
Cloud Entity: Amazon Elastic Block Storage (EBS)
CloudGuard Rule ID: D9.AWS.OPE.05
Covered by Spectral: Yes
Category: Storage


Volume should have attachments contain [ state='attached' ]
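
The rule logic above applied to the JSON that `aws ec2 describe-volumes` returns, as an added example (not CloudGuard's implementation and not code from this page). The response below is constructed: field names follow the EC2 DescribeVolumes output, while the volume IDs, sizes and dates are made up. It also covers a volume whose only attachment is in the `detaching` state, which fails the rule as written.

```python
import json
from datetime import datetime, timezone

# Constructed sample in the shape of `aws ec2 describe-volumes` output.
SAMPLE = json.loads("""
{"Volumes": [
  {"VolumeId": "vol-0aaa", "State": "in-use", "Size": 50, "Encrypted": true,
   "CreateTime": "2024-01-10T08:00:00+00:00",
   "Attachments": [{"InstanceId": "i-0111", "State": "attached"}]},
  {"VolumeId": "vol-0bbb", "State": "available", "Size": 200, "Encrypted": false,
   "CreateTime": "2023-06-01T12:00:00+00:00", "Attachments": []},
  {"VolumeId": "vol-0ccc", "State": "in-use", "Size": 8, "Encrypted": true,
   "CreateTime": "2024-03-05T09:30:00+00:00",
   "Attachments": [{"InstanceId": "i-0222", "State": "detaching"}]},
  {"VolumeId": "vol-0ddd", "State": "available", "Size": 20, "Encrypted": true,
   "CreateTime": "2024-04-20T00:00:00+00:00"}
]}
""")


def is_attached(volume):
    """Rule: attachments contain [ state='attached' ]."""
    attachments = volume.get("Attachments") or []  # key may be missing or empty
    return any(a.get("State") == "attached" for a in attachments)


def failing_volumes(response, now):
    """Return one finding per volume that fails the rule, oldest first."""
    findings = []
    for vol in response.get("Volumes", []):
        if is_attached(vol):
            continue
        # Accept both "+00:00" and "Z" timestamp suffixes.
        created = datetime.fromisoformat(vol["CreateTime"].replace("Z", "+00:00"))
        findings.append({
            "volume_id": vol["VolumeId"],
            "state": vol.get("State"),
            "size_gib": vol.get("Size"),
            "encrypted": vol.get("Encrypted", False),
            "age_days": (now - created).days,
        })
    # Oldest volumes first: these are the likeliest leftovers to review.
    return sorted(findings, key=lambda f: f["age_days"], reverse=True)


if __name__ == "__main__":
    fixed_now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed for repeatable output
    for finding in failing_volumes(SAMPLE, fixed_now):
        print(finding)
```
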


From Portal
Use the following steps to attach an unattached volume to an instance using the AWS Console:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com/.
  2. Open the Amazon EC2 console.
  3. In the navigation pane, select Elastic Block Store and then Volumes.
  4. Select an available Volume and open Actions and then click on Attach Volume.
  5. Enter the name or ID of the Instance; the matching list of instances displays. Only instances in the same Availability Zone as the volume display. Select an Instance from the list.
    For Device, either keep the suggested Device Name, or enter a different supported Device Name.
  6. Select Attach.

From TF

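resource "aws_volume_attachment" "example1" {
  device_name = "device_name"     # placeholder: device name, required by this resource
  volume_id   = "ebs_volume_id"   # placeholder: ID of the EBS volume to attach
  instance_id = "aws_instance_id" # placeholder: ID of the target EC2 instance
}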

From Command Line
Use the following command to attach a volume to an instance:

aws ec2 attach-volume --volume-id ebs_volume_id --instance-id aws_instance_id --device device_name

Use the following command to delete the unused EBS volume:

aws ec2 delete-volume --volume-id ebs_volume_id


  1. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-attaching-volume.html
  2. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-deleting-volume.html
  3. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/volume_attachment
  4. https://docs.aws.amazon.com/cli/latest/reference/ec2/attach-volume.html
  5. https://docs.aws.amazon.com/cli/latest/reference/ec2/delete-volume.html

Amazon Elastic Block Storage (EBS)

Amazon Elastic Block Store (Amazon EBS) provides persistent block storage volumes for use with Amazon EC2 instances in the AWS Cloud. Each Amazon EBS volume is automatically replicated within its Availability Zone to protect you from component failure, offering high availability and durability. Amazon EBS volumes offer the consistent and low-latency performance needed to run your workloads. With Amazon EBS, you can scale your usage up or down within minutes, all while paying a low price for only what you prov

Compliance Frameworks

  • AWS CloudGuard Best Practices
  • AWS CloudGuard CheckUp
  • AWS CloudGuard Well Architected Framework
  • AWS ISO27001:2022
  • AWS ITSG-33
  • AWS MAS TRM Framework
  • AWS MITRE ATT&CK Framework v10
  • AWS MITRE ATT&CK Framework v11.3
  • AWS NIST 800-53 Rev 5
  • CloudGuard AWS All Rules Ruleset