Ensure that none of the Amazon EC2 instances provisioned within your AWS cloud account use an instance type banned by your organization. Before the Trend Cloud One™ – Conformity engine runs this rule, the list of unapproved EC2 instance types must be configured in the rule settings, on your Conformity account console.
This rule resolution is part of the Conformity solution.
Setting limits for the EC2 instance types used within your organization can help you address internal security compliance and prevent unexpected charges on your AWS bill. Furthermore, banning a small set of EC2 instance types, usually extremely large instance types such as r4.16xlarge or c5d.18xlarge, is much more efficient than having to explicitly permit a large number of allowed instance types.
Audit
To determine if there are Amazon EC2 instances with unapproved instance types available in your AWS cloud account, perform the following actions:
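As an added example (not part of the Conformity rule or its console procedure), the following Python script shows the core of such an audit: it scans JSON in the shape returned by `aws ec2 describe-instances` and reports instances whose type is on a deny list. The deny list reuses the two types mentioned above; the function name `find_unapproved` and the sample instance IDs are constructed for illustration.

```python
import json

# Example deny list: the two instance types this page names (assumption).
UNAPPROVED_TYPES = {"r4.16xlarge", "c5d.18xlarge"}

# Constructed sample in the shape of `aws ec2 describe-instances` JSON output.
SAMPLE_OUTPUT = json.dumps({"Reservations": [
    {"Instances": [
        {"InstanceId": "i-0aaaaaaaaaaaaaaa1", "InstanceType": "r4.16xlarge",
         "State": {"Name": "running"}},
        {"InstanceId": "i-0bbbbbbbbbbbbbbb2", "InstanceType": "t3.micro",
         "State": {"Name": "running"}}]},
    {"Instances": [
        {"InstanceId": "i-0ccccccccccccccc3", "InstanceType": "c5d.18xlarge",
         "State": {"Name": "stopped"}},
        {"InstanceId": "i-0ddddddddddddddd4", "InstanceType": "r4.16xlarge",
         "State": {"Name": "terminated"}}]},
]})


def find_unapproved(describe_output, unapproved=UNAPPROVED_TYPES):
    """Return sorted (instance_id, instance_type, state) tuples for every
    instance whose type is on the deny list.

    Stopped instances are reported because they can be started again;
    terminated or shutting-down instances are skipped because they no
    longer count as provisioned resources.
    """
    data = json.loads(describe_output)
    banned = {t.strip().lower() for t in unapproved}
    findings = []
    for reservation in data.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            state = inst.get("State", {}).get("Name", "unknown")
            if state in ("terminated", "shutting-down"):
                continue
            itype = inst.get("InstanceType", "")
            if itype.lower() in banned:
                findings.append((inst.get("InstanceId"), itype, state))
    return sorted(findings)


if __name__ == "__main__":
    for instance_id, itype, state in find_unapproved(SAMPLE_OUTPUT):
        print(f"UNAPPROVED {instance_id} type={itype} state={state}")
```

`describe-instances` returns results for one region per call, so a real audit feeds this function the output for each region in use.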
Remediation / Resolution
To ensure that no Amazon EC2 instances are launched within your AWS cloud account using unapproved instance types, perform the following actions:
Note: Creating a support case to request instance type restrictions using the AWS Command Line Interface (AWS CLI) is not currently supported.