AWS EC2 Instance

Best practices and references below are based on published guidance from the cloud service provider and may reference native capabilities the cloud service provider offers. If you are not using the native security capabilities, the same security requirement can be met using other security capabilities your organization utilizes.

Design for High Availability

Design Guidance:

AWS::EC2::Instance

Availability Zone
Terraform

Asset Inventory

Design Guidance:

AWS::EC2::Instance

Block Device Mappings-Device Name
Terraform
Host Resource Group Arn
Terraform
Tags
Terraform

Data Minimization

AWS::EC2::Instance

Ebs-Delete On Termination
Terraform

Transparent Data Encryption

Design Guidance:

AWS::EC2::Instance

Ebs-Encrypted
Terraform

Protect Cryptographic Keys

Design Guidance:

AWS::EC2::Instance

Ebs-Kms Key Id
Terraform

Access Policy Enforcement

AWS::EC2::Instance

Iam Instance Profile
Terraform

Hardening

Design Guidance:

AWS::EC2::Instance

Image Id
Terraform
Kernel Id
Terraform

Identification and Authentication

Design Guidance:

AWS::EC2::Instance

Key Name
Terraform

Logging

AWS::EC2::Instance

Monitoring
Terraform

Network Isolation and Segregation

Design Guidance:

AWS::EC2::Instance

Network Interfaces
Terraform
Network Interfaces-Associate Public Ip Address
Terraform

Firewalls

Design Guidance:

AWS::EC2::Instance

Network Interfaces-Group Set
Terraform
Security Group Ids
Terraform
Security Groups
Terraform

Subnet Isolation

Design Guidance:

AWS::EC2::Instance

Network Interfaces-Network Interface Id
Terraform
Network Interfaces-Private Ip Address
Terraform
Network Interfaces-Private Ip Addresses
Terraform
Private Ip Addresses-Primary
Terraform
Private Ip Addresses-Private Ip Address
Terraform
Network Interfaces-Secondary Private Ip Address Count
Terraform
Network Interfaces-Subnet Id
Terraform
Private Ip Address
Terraform

External Connection Protection

Design Guidance:

AWS::EC2::Instance

Source Dest Check
Terraform