Control: 4 Stopped EC2 instances should be removed after a specified time period
This control checks whether any EC2 instances have been stopped for more than the allowed number of days. An EC2 instance fails this check if it is stopped for longer than the maximum allowed time period, which by default is 30 days.
A failed finding indicates that an EC2 instance has not run for a significant period of time. This creates a security risk because the EC2 instance is not being actively maintained (analyzed, patched, updated). If it is later launched, the lack of proper maintenance could result in unexpected issues in your AWS environment. To safely maintain an EC2 instance over time in a nonrunning state, start it periodically for maintenance and then stop it after maintenance. Ideally this is an automated process.
You can terminate an EC2 instance using either the console or the command line.
Before you terminate the EC2 instance, verify that you won't lose any data:
- Check that your Amazon EBS volumes will not be deleted on termination.
- Copy any data that you need from your EC2 instance store volumes to Amazon EBS or Amazon S3.
To terminate an EC2 instance (console)
- Open the Amazon EC2 console.
- In the navigation pane, under
- Select the instance, and then choose
- When prompted for confirmation, choose
To terminate an EC2 instance (AWS CLI, Tools for Windows PowerShell)
Use one of the following commands. For more information about the command line interface, see Accessing Amazon EC2 in the Amazon EC2 User Guide for Linux Instances.
steampipe check aws_compliance.control.foundational_security_ec2_4
This control uses a named query:ec2_stopped_instance_30_days