This plugin ensures the total number of EC2 instances does not exceed a set threshold
Risk Level: Low
Description
This plugin ensures the total number of EC2 instances does not exceed a set threshold. The number of running EC2 instances should be carefully audited, to ensure only approved applications are consuming compute resources. This might result in unexpected charges.
Configuration Parameters
Instance Global Threshold: This parameter specifies the limit of the number of reserved instances globally. An issue is created when the number of instances exceeds the provided threshold limit.
By default, the value is 200, therefore it will return a vulnerability alert when the number of instances will exceed 200 combining all the regions.
Instance Global Threshold: This parameter specifies the limit of the number of reserved instances in a region. An issue is created when the number of instances exceeds the provided threshold limit.
By default, the value is 100, therefore it will return a vulnerability alert when the number of instances will exceed 100 in a region.
About the Service
Amazon EC2: Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) Cloud. With the EC2 instance, you can launch as many virtual servers as you need, configure security and networking, and manage storage without worrying about the hardware needs of the process. Security Groups act as a firewall for an EC2 instance to control the incoming and outgoing traffic. You can read more about security groups here.
Impact
An unexpected increase in the number of instances might indicate that the account has been compromised. In such situations, proper auditing must be done to verify that the instances are valid.
Steps to Reproduce
Using AWS Console-
- Log In to your AWS Console.
- Open the EC2 Management Console. You can use this link (https://console.aws.amazon.com/ec2) to navigate directly if already logged in.
- Move to Instances in the Instances section from the left navigation pane.
- If the number of instances exceeds the provided regional threshold, the vulnerability at the regional level exists.
- Now repeat the process for all the regions. If the combined total number of instances exceeds the global threshold, the vulnerability at the global level exceeds.
Steps for Remediation
Ensure that the number of running EC2 instances matches the expected count. Delete the unused instance. Below are the steps to delete an instance:
- Log In to your AWS Console.
- Open the EC2 Management Console. You can use this link (https://console.aws.amazon.com/ec2) to navigate directly if already logged in.
- Move to Instances in the Instances section from the left navigation pane.
- Select the instances you wish to terminate by clicking on the checkbox next to it.
- From the Instance State drop-down menu, click on Terminate Instance to delete the instance.
- Now repeat the process for all the regions.