Ensure that your AWS EC2 instances are using the appropriate tenancy model, i.e. Multi-Tenant Hardware (shared) or Single-Tenant Hardware (dedicated), in order to comply with your organization's regulatory security requirements. Based on these tenancy models, AWS provides two types of instances: Shared Instances, which run on shared hardware where the isolation is logical, and Dedicated Instances/Dedicated Hosts, which run on single-tenant hardware where the isolation is physical. Cloud Conformity strongly recommends using EC2 Dedicated Instances or Dedicated Hosts if the regulatory and security requirements prohibit your organization's data from being physically stored on shared hardware.
This rule can help you with the following compliance standards:
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Using the right tenancy model for your EC2 instances should reduce the concerns around security at the instance hypervisor level and promote better compliance.
Note: Not all EC2 instance types are eligible for the dedicated tenancy model. To verify if your EC2 instance type can be launched in a dedicated hardware environment, consult the updated AWS documentation at https://aws.amazon.com/ec2/purchasing-options/dedicated-instances/.
To determine the type of tenancy, shared or dedicated, used by your EC2 instances, perform the following:
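One way to run this check, as an added example that is not part of Conformity's own audit steps: the script reads the JSON printed by `aws ec2 describe-instances --output json` and reports every instance whose `Placement.Tenancy` value does not match the required model. The function name `audit_tenancy` and the sample instance IDs are constructed for illustration.

```python
"""Flag EC2 instances whose tenancy violates the required model."""
import json
import sys

# Placement.Tenancy values returned by the EC2 DescribeInstances API.
SHARED = {"default"}                    # multi-tenant (shared) hardware
SINGLE_TENANT = {"dedicated", "host"}   # Dedicated Instances / Dedicated Hosts


def audit_tenancy(response, require_single_tenant=True):
    """Return findings for instances that do not match the required tenancy."""
    allowed = SINGLE_TENANT if require_single_tenant else SHARED
    findings = []
    for reservation in response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            # Terminated instances no longer occupy any hardware.
            if inst.get("State", {}).get("Name") == "terminated":
                continue
            # A missing value is reported rather than assumed compliant.
            tenancy = inst.get("Placement", {}).get("Tenancy", "unknown")
            if tenancy not in allowed:
                findings.append((inst.get("InstanceId"), tenancy))
    return findings


def _inst(instance_id, tenancy, state):
    """Build one constructed instance record for the sample below."""
    return {"InstanceId": instance_id, "State": {"Name": state},
            "Placement": {"Tenancy": tenancy}}


# Constructed sample in the shape of `aws ec2 describe-instances --output json`.
SAMPLE = {"Reservations": [
    {"Instances": [_inst("i-0example0000000001", "default", "running"),
                   _inst("i-0example0000000002", "dedicated", "running")]},
    {"Instances": [_inst("i-0example0000000003", "host", "stopped"),
                   _inst("i-0example0000000004", "default", "terminated")]},
]}

if __name__ == "__main__":
    # Usage: aws ec2 describe-instances --output json | python3 audit_tenancy.py
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for instance_id, tenancy in audit_tenancy(data):
        print(f"NON-COMPLIANT {instance_id} tenancy={tenancy}")
```

Run it once per region, since `describe-instances` only returns instances in the region the CLI is configured for.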
Remediation / Resolution
To recreate/re-launch your running EC2 instances with the required tenancy, perform the following:
Note: You can launch or re-launch EC2 Dedicated Instances within both dedicated and non-dedicated VPCs by setting the instance tenancy type to “dedicated” during the launch process.
You are auditing:
EC2 Instance Tenancy
Risk level: Medium