EC2 Systems Manager Are Configured To Collect Blacklisted Inventory.
More Info:
This rule checks whether instances managed by Amazon EC2 Systems Manager are configured to collect blacklisted inventory types.
Risk Level: Low
Address: Configuration
Compliance Standards: CBP
Triage and Remediation
Remediation
To remediate the misconfiguration of EC2 Systems Manager collecting blacklisted inventory in AWS, follow these steps using the AWS Management Console:
1. Access AWS Systems Manager Console:
- Log in to your AWS account and navigate to the AWS Management Console.
- Go to the Systems Manager service by searching for it in the search bar.
2. Navigate to Inventory Explorer:
- In the Systems Manager console, navigate to the ‘Explorer’ section from the left-hand menu.
3. Identify Blacklisted Inventory:
- In the Inventory Explorer, you will be able to see a list of all the managed instances and the collected inventory details.
- Identify the blacklisted inventory items that are being collected by EC2 Systems Manager.
4. Update Inventory Collection Configuration:
- Click on ‘Inventory Setup’ in the Systems Manager console.
- Review the inventory collection configuration settings to identify the blacklisted items.
- Click on ‘Edit Inventory Schema’ to modify the inventory collection configuration.
5. Remove Blacklisted Items:
- In the inventory schema, locate the blacklisted inventory items that are being collected.
- Remove the blacklisted items from the inventory schema by deselecting them or deleting them from the configuration.
6. Save Changes:
- Once you have removed the blacklisted items from the inventory collection configuration, click on ‘Save’ to apply the changes.
7. Verify Configuration:
- Go back to the Inventory Explorer and verify that the blacklisted inventory items are no longer being collected.
8. Monitor for Compliance:
- Regularly monitor the inventory collection configuration to ensure that blacklisted items are not being collected in the future.
By following these steps, you can remediate the misconfiguration of EC2 Systems Manager collecting blacklisted inventory in AWS.
To remediate the misconfiguration of EC2 Systems Manager collecting blacklisted inventory in AWS, you can follow these steps using AWS CLI:
Step 1: Identify the managed instances and the inventory collection configuration. Run the following AWS CLI command to list the instances managed by Systems Manager:
aws ssm describe-instance-information
Inventory collection itself is configured by a State Manager association that runs the AWS-GatherSoftwareInventory document. Each inventory type is a parameter of that association (for example applications, awsComponents, networkConfig, customInventory, billingInfo) whose value is Enabled or Disabled; files and windowsRegistry instead take a JSON specification of what to collect and are blank when not collected. List those associations and inspect the parameters of each one:
aws ssm list-associations --association-filter-list key=Name,value=AWS-GatherSoftwareInventory
aws ssm describe-association --association-id <association-id>
Step 2: Update the inventory collection configuration. Run the following AWS CLI command to set every blacklisted inventory type to Disabled. Because update-association replaces the whole parameter map, pass the full set of parameters returned in Step 1 and change only the blacklisted ones; the example below disables customInventory and billingInfo while keeping applications enabled:
aws ssm update-association --association-id <association-id> --parameters '{"applications":["Enabled"],"customInventory":["Disabled"],"billingInfo":["Disabled"]}'
Updating an association runs it immediately against its targets unless --apply-only-at-cron-interval is given.
Step 3: Verify the updated configuration. Describe the association again to verify that the inventory collection configuration has been updated successfully:
aws ssm describe-association --association-id <association-id>
Ensure that the blacklisted inventory types are now Disabled (or blank, for files and windowsRegistry) and that only the required information is collected.
By following these steps, you can remediate the misconfiguration of EC2 Systems Manager collecting blacklisted inventory in AWS using AWS CLI.
To remediate the misconfiguration where EC2 Systems Manager is configured to collect blacklisted inventory in AWS, you can follow these steps using Python:
1. Identify the Blacklisted Inventory Configuration: First, identify where the blacklisted inventory types are enabled. Inventory collection is defined by a State Manager association on the AWS-GatherSoftwareInventory document, and each inventory type is one of that association's parameters, so check the parameters of those associations in the Systems Manager Inventory configuration.
2. Update the Inventory Configuration: Update the association so that every blacklisted inventory type is set to Disabled. This can be done by modifying the Systems Manager Inventory configuration using the AWS SDK for Python (Boto3).
3. Install Boto3: If you haven’t already, install the Boto3 library in your Python environment. You can install it using pip:
pip install boto3
4. Write Python Script: Write a Python script that uses Boto3 to update the Systems Manager Inventory configuration. Here is an example script that disables the blacklisted inventory types:
import boto3

# Inventory types that must not be collected (parameter names of the
# AWS-GatherSoftwareInventory document, for example 'customInventory').
blacklisted_items = ['blacklisted-item1', 'blacklisted-item2']  # Add the blacklisted items here

# Initialize the Systems Manager client
ssm_client = boto3.client('ssm')

# Inventory collection is defined by a State Manager association on the
# AWS-GatherSoftwareInventory document, so find those associations first.
response = ssm_client.list_associations(
    AssociationFilterList=[{'key': 'Name', 'value': 'AWS-GatherSoftwareInventory'}]
)

for association in response['Associations']:
    association_id = association['AssociationId']

    # Get the current inventory configuration. UpdateAssociation replaces the
    # whole parameter map, so the unchanged types must be carried over.
    description = ssm_client.describe_association(AssociationId=association_id)
    parameters = dict(description['AssociationDescription'].get('Parameters', {}))

    # Switch off the blacklisted inventory types
    changed = False
    for item in blacklisted_items:
        if parameters.get(item) != ['Disabled']:
            parameters[item] = ['Disabled']
            changed = True

    if changed:
        # Update the inventory configuration
        ssm_client.update_association(AssociationId=association_id, Parameters=parameters)
        print(f'Inventory configuration of association {association_id} updated successfully.')
    else:
        print(f'Association {association_id} collects no blacklisted inventory types.')
5. Replace ‘blacklisted-itemX’: Replace the placeholder entries in blacklisted_items with the names of the inventory types to be removed from the inventory configuration (for example customInventory or billingInfo). The credentials used by the script need permission to call ssm:ListAssociations, ssm:DescribeAssociation and ssm:UpdateAssociation.
6. Run the Script: Execute the Python script in your environment. This will update the Systems Manager Inventory configuration so that the blacklisted inventory types are no longer collected.
By following these steps, you can remediate the misconfiguration where EC2 Systems Manager is configured to collect blacklisted inventory in AWS using Python.
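The check this rule performs, and the parameter map the remediation above sends, as an added example that is not code from the original page: it runs offline against a constructed association description shaped like the AssociationDescription returned by ssm.describe_association(), and the blacklist is an assumed, organisation-specific choice.

```python
# Added example, not from the original page: the audit check of this rule run
# offline on a constructed AWS-GatherSoftwareInventory association description.
from typing import Dict, List

# files and windowsRegistry take a JSON path/key specification rather than
# Enabled/Disabled; a blank value means the type is not collected.
SPEC_TYPES = {"files", "windowsRegistry"}

# Constructed sample with a placeholder id; only the fields the check needs.
SAMPLE_ASSOCIATION = {
    "AssociationId": "00000000-0000-0000-0000-000000000000",
    "Name": "AWS-GatherSoftwareInventory",
    "Parameters": {
        "applications": ["Enabled"],
        "networkConfig": ["Disabled"],
        "customInventory": ["Enabled"],
        "files": ['[{"Path":"/etc","Pattern":["*.conf"],"Recursive":false}]'],
        "windowsRegistry": [""],
    },
}
BLACKLIST = ("customInventory", "files", "windowsRegistry", "billingInfo")  # assumed


def is_collected(params: Dict[str, List[str]], inv_type: str) -> bool:
    """True when the association collects this inventory type. A parameter the
    association does not set falls back to the document default, which the
    check conservatively treats as collected so that a reviewer looks at it."""
    if inv_type not in params:
        return True
    value = (params[inv_type] or [""])[0].strip()
    if inv_type in SPEC_TYPES:
        return value != ""
    return value.lower() != "disabled"


def find_blacklisted(assoc: dict, blacklist=BLACKLIST) -> List[str]:
    """Blacklisted inventory types this association still collects."""
    if assoc.get("Name") != "AWS-GatherSoftwareInventory":
        return []
    return [t for t in blacklist if is_collected(assoc.get("Parameters", {}), t)]


def remediated_parameters(assoc: dict, blacklist=BLACKLIST) -> Dict[str, List[str]]:
    """Parameter map to hand to update_association(), which replaces the whole
    map: unchanged types are copied and only blacklisted ones are switched off."""
    params = {k: list(v) for k, v in assoc.get("Parameters", {}).items()}
    for t in blacklist:
        params[t] = [""] if t in SPEC_TYPES else ["Disabled"]
    return params
```

On the sample, find_blacklisted reports customInventory, files and billingInfo (the last because it is unset), and the remediated map passes the check cleanly.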