EC2 Desired Instance Type


Risk level: Medium (should be achieved)
Rule ID: EC2-017

Determine if the EC2 instances provisioned in your AWS account have the desired instance type(s) established by your organization based on the workload deployed. Cloud Conformity lets you define the desired EC2 instance type(s), based on your workload requirements, when you enable this rule (the rule is disabled by default).

This rule can help you with the following compliance standards:

  • APRA
  • MAS

This rule can help you work with the AWS Well-Architected Framework.

This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.


Setting limits for the type(s) of EC2 instances provisioned in your AWS account will help you better manage your cloud compute power, address internal compliance requirements and prevent unexpected charges on your AWS bill.


To determine if the EC2 instances launched in your AWS account have all the desired instance type(s), perform the following:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to EC2 dashboard at

03 In the left navigation panel, under INSTANCES section, choose Instances.

04 Click inside the attributes filter box located under the EC2 dashboard top menu, select Instance Type, type the name of the desired instance type prefixed with an exclamation mark (e.g. !m3.medium) and press Enter. If the filter returns one or more EC2 instances, those instances in the current region were not launched using the desired type. In that case you must take action and raise an AWS support case to limit EC2 instance creation to the desired/required instance type(s) only (see the Remediation / Resolution section).

05 Change the AWS region from the navigation bar and repeat step no. 4 for all other regions.


Using AWS CLI

01 Run the describe-instances command (OSX/Linux/UNIX) with appropriate filtering to list the type(s) of the running EC2 instances currently provisioned in the selected region:

aws ec2 describe-instances \
	--region us-east-1 \
	--filters "Name=instance-state-name,Values=running" \
	--output table \
	--query 'Reservations[*].Instances[*].InstanceType'

02 The command output should return a table with the requested EC2 instance type(s):

|                   DescribeInstances                   |
|  m3.medium  |  m3.medium  |  m3.medium  |  c3.xlarge  |

This filtering method will help you to determine the type of each running EC2 instance available in the selected region. If the instance types returned are not the ones expected, you must take action and raise an AWS support case to limit EC2 instance creation only to the desired/required instance type(s).

03 Repeat steps no. 1 and 2 to perform the audit process for all other AWS regions.
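The CLI audit in steps 01 to 03, written as a single script that walks every region and prints only the running instances whose type is not approved. This is an added example, not part of the original rule page; the DESIRED_TYPES allow-list, the function names and the sample instance IDs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). DESIRED_TYPES is an assumed,
# space-separated allow-list of approved instance types.
DESIRED_TYPES="${DESIRED_TYPES:-m3.medium}"

# Print "instance-id<TAB>type" for each running instance in region $1.
list_running() {
  aws ec2 describe-instances \
    --region "$1" \
    --filters "Name=instance-state-name,Values=running" \
    --query 'Reservations[].Instances[].[InstanceId,InstanceType]' \
    --output text
}

# Read list_running output on stdin and print the lines whose type is not in
# the allow-list passed as $1. Exit status is 1 if anything was printed.
flag_undesired() {
  awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    NF >= 2 && !($2 in ok) { print; bad = 1 }
    END { exit bad + 0 }'
}

# Audit every region enabled for the account; prefix offenders with the region.
audit_all_regions() {
  status=0
  for region in $(aws ec2 describe-regions --query 'Regions[].RegionName' --output text); do
    offenders=$(list_running "$region" | flag_undesired "$DESIRED_TYPES") || status=1
    [ -z "$offenders" ] || printf '%s\n' "$offenders" | sed "s/^/$region /"
  done
  return "$status"
}

# Constructed sample of list_running output (instance IDs are made up); the
# types mirror the table shown in step 02.
sample_listing() {
  printf 'i-0aaa0000000000001\tm3.medium\n'
  printf 'i-0aaa0000000000002\tm3.medium\n'
  printf 'i-0aaa0000000000003\tm3.medium\n'
  printf 'i-0aaa0000000000004\tc3.xlarge\n'
}

# Run the live audit only on request, so the functions can be sourced offline.
if [ "${1:-}" = "--audit" ]; then audit_all_regions; fi
```

Run it with `--audit` and configured AWS credentials; a non-zero exit status means at least one region contains an instance outside the allow-list, which makes the script usable as a scheduled compliance check.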

Remediation / Resolution

To limit the EC2 instances that will be launched in your account to the desired instance type(s), perform the following:

Note: Raising a support case to request the necessary limitation using the AWS API via Command Line Interface (CLI) is not currently supported.

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to AWS Support Center page at

03 On the Create Case support page, perform the following:

  1. Under Regarding, select Service Limit Increase.
  2. Choose EC2 Instances from the Limit Type dropdown list as the type of limit to increase.
  3. In the Request section, perform the following actions:
    • Select the AWS region where the instance type limit is required from the Region dropdown list.
    • Select the desired EC2 instance type from the Primary Instance Type dropdown list.
    • Select Instance Limit from the Limit dropdown list.
    • In the New limit value box, enter the limit value to request for the selected instance type based on your requirements.
  4. If you need to send multiple requests for multiple instance types, click the Add another request button to add as many requests as needed and repeat step 3.
  5. In the Use Case Description textbox, enter a short description explaining the instance type limit request so AWS support can evaluate your case.
  6. Under Contact method, select a preferred contact method that the AWS support team can use to respond to your request.
  7. Click Submit to send the request to AWS Support.


Publication date Jun 23, 2016
