Benchmark: EC2
Description
This section contains recommendations for configuring EC2 resources.
Usage
Browse dashboards and select EC2:
steampipe dashboard
Or run the benchmarks in your terminal:
steampipe check aws_compliance.benchmark.all_controls_ec2
Snapshot and share results via Steampipe Cloud:
steampipe login
steampipe check --share aws_compliance.benchmark.all_controls_ec2
Controls
- EC2 AMIs should restrict public access
- EBS default encryption should be enabled
- EC2 instance detailed monitoring should be enabled
- EC2 instance should have EBS optimization enabled
- EC2 instances should have IAM profile attached
- EC2 instances should be in a VPC
- EC2 instances should not use key pairs in running state
- EC2 instances high level findings should not be there in inspector scans
- EC2 instances should not be attached to 'launch wizard' security groups
- EC2 instances should not have a public IP address
- EC2 instances should not use multiple ENIs
- EC2 instances should be protected by backup plan
- Public EC2 instances should have IAM profile attached
- AWS EC2 instances should have termination protection enabled
- EC2 instances user data should not have secrets
- EC2 instances should use IMDSv2
- Paravirtual EC2 instance types should not be used
- AWS EC2 launch templates should not assign public IPs to network interfaces
- EC2 stopped instances should be removed in 30 days
- EC2 transit gateways should have auto accept shared attachments disabled