EC2 Instances Should Not Have Blacklisted Instance Types

​

More Info:

Your AWS account should not have any EC2 instance with the instance type blacklisted.

​

Risk Level

High

​

Address

Security

​

Compliance Standards

CBP

​

Remediation

​

Using Console

Sure, here are the step by step instructions to remediate the issue of EC2 Instances having blacklisted instance types in AWS:

1. Open the AWS Management Console and navigate to the EC2 dashboard.
2. Click on the “Instances” link in the left-hand navigation menu.
3. Select the EC2 instance that has a blacklisted instance type.
4. Click on the “Actions” button and select “Instance Settings” from the drop-down menu.
5. Click on “Change Instance Type” from the Instance Settings menu.
6. Select a different instance type that is not blacklisted.
7. Click on “Apply” to save the changes.
8. Verify that the instance type has been changed successfully.

By following these steps, you should be able to remediate the issue of EC2 instances having blacklisted instance types in AWS.

​

Using CLI

To remediate the misconfiguration “EC2 Instances Should Not Have Blacklisted Instance Types” in AWS using AWS CLI, follow the below steps:

1. Identify the blacklisted instance types that are currently running in your AWS account. You can use the following AWS CLI command to list all the running instances and their instance types:

   aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" --query 'Reservations[*].Instances[*].[InstanceId, InstanceType]'
   

2. From the list of instance types, identify the blacklisted instance types that need to be terminated.

3. Use the following AWS CLI command to terminate the instances with the blacklisted instance types. Replace the “instance-id” with the actual instance ID of the instance that needs to be terminated.

   aws ec2 terminate-instances --instance-ids instance-id
   

4. Once the instances are terminated, you can update your AWS account to prevent the blacklisted instance types from being launched in the future. To do this, you can create an AWS Config rule that checks for the use of blacklisted instance types and alerts you if any are found.

   You can use the following AWS CLI command to create an AWS Config rule that checks for the use of blacklisted instance types:

   aws configservice put-config-rule --config-rule '{"Source": {"Owner": "AWS", "SourceIdentifier": "EC2_BLACKLISTED_INSTANCE_TYPES"}, "Scope": {"ComplianceResourceTypes": ["AWS::EC2::Instance"]}}'
   

   This will create an AWS Config rule that checks for the use of blacklisted instance types in EC2 instances and alerts you if any are found.

5. Finally, you can monitor your AWS account to ensure that blacklisted instance types are not launched in the future. You can use AWS Config to continuously monitor your account for compliance with the rule you created in step 4. If any non-compliant resources are found, AWS Config will alert you so that you can take remedial action.

​

Using Python

To remediate the “EC2 Instances Should Not Have Blacklisted Instance Types” misconfiguration in AWS using Python, you can follow these steps:

1. Define the list of blacklisted instance types that should not be allowed in your AWS account. For example, you can use the following list:

blacklisted_instance_types = ['t1.micro', 'm1.small', 'c1.medium']

2. Use the AWS SDK for Python (Boto3) to retrieve a list of all EC2 instances in your AWS account. You can do this by creating an EC2 client and calling the describe_instances method:

import boto3

ec2 = boto3.client('ec2')
response = ec2.describe_instances()

3. Loop through the list of instances and check if any of them are using a blacklisted instance type. You can do this by looking at the InstanceType attribute of each instance:

for reservation in response['Reservations']:
    for instance in reservation['Instances']:
        if instance['InstanceType'] in blacklisted_instance_types:
            # This instance is using a blacklisted instance type
            # We need to stop and terminate it

4. If you find an instance that is using a blacklisted instance type, stop and terminate it. You can do this by calling the stop_instances and terminate_instances methods:

instance_id = instance['InstanceId']
ec2.stop_instances(InstanceIds=[instance_id])
ec2.terminate_instances(InstanceIds=[instance_id])

5. Repeat steps 3-4 for all instances in your AWS account.

6. Once you have remediated all instances using blacklisted instance types, you can update your AWS account configuration to prevent new instances from using these types. You can do this by creating an AWS Config rule that checks for this misconfiguration and triggers an AWS Lambda function to remediate it automatically.

​

Additional Reading:

• https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-plan-instances-guidelines.html