Ensure that all your EC2 instances use a suitable naming convention for tagging, so that you can manage them more efficiently and adhere to AWS resource tagging best practices. A naming convention is an established set of rules for choosing the name of an AWS resource. Cloud Conformity strongly recommends using the following pattern (default) for naming your EC2 instances:
^ec2-(ue1|uw1|uw2|ew1|ec1|an1|an2|as1|as2|se1)-([1-2]{1})([a-c]{1})-(d|t|s|p)-([a-z0-9\-]+)$
If you already have your own custom pattern, the default pattern can be replaced within the rule configuration settings available on the Cloud Conformity console.
This rule can help you with the following compliance standards:
- APRA
- MAS
For further details on compliance standards supported by Conformity, see here.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Naming (tagging) your EC2 instances logically and consistently has several advantages: it provides additional information about the instance location and usage, promotes consistency within the selected environment, lets you quickly distinguish similar resources from one another, improves clarity in cases of potential ambiguity, and classifies instances accurately as compute resources for easy management and billing purposes.
Default Pattern Format
ec2-RegionCode-AvailabilityZoneCode-EnvironmentCode-ApplicationCode.
Default Pattern Components
- RegionCode: (ue1|uw1|uw2|ew1|ec1|an1|an2|as1|as2|se1) for us-east-1, us-west-1, us-west-2, eu-west-1, eu-central-1, ap-northeast-1, ap-northeast-2, ap-southeast-1, ap-southeast-2, sa-east-1.
- AvailabilityZoneCode: ([1-2]{1})([a-c]{1}), e.g. (2a|2b|2c) for us-west-2a, us-west-2b, us-west-2c.
- EnvironmentCode: (d|t|s|p) for development, test, staging, production.
- ApplicationCode: ([a-z0-9\-]+) for applications (e.g. tomcat, nodejs) that run on these EC2 instances.
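The default pattern and its components applied to instance names, as an added example (not Conformity's own audit code). The instance records are constructed sample data shaped like `aws ec2 describe-instances` output; reading the name from the `Name` tag and cross-checking the region code and AZ letter against the instance's placement are assumptions that go beyond the pattern itself.

```python
import re

# Default pattern and region codes exactly as listed on this page.
PATTERN = re.compile(
    r"^ec2-(ue1|uw1|uw2|ew1|ec1|an1|an2|as1|as2|se1)"
    r"-([1-2]{1})([a-c]{1})-(d|t|s|p)-([a-z0-9\-]+)$"
)
REGIONS = {
    "ue1": "us-east-1", "uw1": "us-west-1", "uw2": "us-west-2",
    "ew1": "eu-west-1", "ec1": "eu-central-1", "an1": "ap-northeast-1",
    "an2": "ap-northeast-2", "as1": "ap-southeast-1",
    "as2": "ap-southeast-2", "se1": "sa-east-1",
}

def _inst(iid, az, name=None):  # builds one constructed instance record
    tags = [{"Key": "Name", "Value": name}] if name is not None else []
    return {"InstanceId": iid, "Placement": {"AvailabilityZone": az}, "Tags": tags}

# Constructed sample shaped like `aws ec2 describe-instances` JSON output.
SAMPLE = {"Reservations": [{"Instances": [
    _inst("i-0000000000000000a", "us-west-2a", "ec2-uw2-2a-p-tomcat"),
    _inst("i-0000000000000000b", "us-west-2b", "ec2-us-west-2-2b-p-cache"),  # region spelled out
    _inst("i-0000000000000000c", "eu-west-1c", "ec2-ue1-1c-d-api"),  # wrong region code
    _inst("i-0000000000000000d", "us-east-1a", "EC2-ue1-1a-p-Web"),  # uppercase
    _inst("i-0000000000000000e", "us-east-1b"),  # no Name tag
]}]}

def audit(describe_output):
    """Map each instance ID to a naming finding ('ok' when compliant)."""
    findings = {}
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            name = tags.get("Name")  # assumption: the name lives in the Name tag
            az = inst["Placement"]["AvailabilityZone"]
            m = PATTERN.fullmatch(name) if name is not None else None
            if name is None:
                finding = "missing Name tag"
            elif m is None:
                finding = "does not match pattern"
            elif REGIONS[m.group(1)] + m.group(3) != az:
                # assumption: region code and AZ letter should mirror placement
                finding = "name disagrees with placement " + az
            else:
                finding = "ok"
            findings[inst["InstanceId"]] = finding
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

`fullmatch` is used instead of `match` so that a name with a trailing newline, which `$` alone would accept, is also reported.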
Default Pattern Examples
ec2-us-east-1-2a-p-tomcat
ec2-us-west-1-2b-p-nodejs
Audit
To verify the naming conventions used for tagging your EC2 instances, perform the following:
Remediation / Resolution
To implement the appropriate naming convention for tagging your existing EC2 instances based on the default (recommended) pattern (i.e. ^ec2-(ue1|uw1|uw2|ew1|ec1|an1|an2|as1|as2|se1)-([1-2]{1})([a-c]{1})-(d|t|s|p)-([a-z0-9\-]+)$), perform the following:
You are auditing:
EC2 Instance Naming Conventions
Risk level: Low