
Need

Secure configuration of EC2 instances

Context

• Usage of CloudFormation for Infrastructure as Code (IaC)

• Usage of an AWS-native service to manage infrastructure as code

Description

1. Non compliant code

Resources:
  InsecureInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-0c94855ba95c574c8
      InstanceType: t2.micro

This CloudFormation template launches an EC2 instance with no security group of its own, no key pair and no encryption setting for its storage. The instance therefore falls back to the VPC default security group, whose rules the template neither defines nor restricts; there is no key-based access control for administrators; and the root EBS volume keeps the AMI's default, which is unencrypted unless the account enforces EBS encryption by default. The hard-coded AMI ID also pins the instance to whatever that image contained when it was published, so it never picks up an updated base image.

2. Steps

• Use updated and secure AMIs (resolve the image ID at deploy time instead of hard-coding it)

• Restrict traffic via security groups (least-privilege ingress; never 0.0.0.0/0 on the management port)

• Use SSH key pairs for access control (a validated key-pair parameter rather than a free-form string)

• Encrypt EBS volumes

3. Secure code example

Parameters:
  KeyName:
    Type: String
    Description: Existing EC2 KeyPair

Resources:
  InstanceSG:
    Properties:...

This template secures the instance by using a key pair for SSH, a restrictive security group, and encrypted storage.
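The four steps carried through into one complete, deployable template. This is an added example, not the page's own (abridged) secure template: the parameter and resource names, the admin CIDR parameter, the SSM public parameter used to resolve the AMI, and the t3.micro instance type are all assumptions made for illustration.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Hardened EC2 instance (added example; names and values are assumptions)

Parameters:
  KeyName:
    # Typed parameter: CloudFormation rejects the stack if the key pair does not exist
    Type: AWS::EC2::KeyPair::KeyName
    Description: Existing EC2 KeyPair
  VpcId:
    Type: AWS::EC2::VPC::Id
  SubnetId:
    Type: AWS::EC2::Subnet::Id
  AdminCidr:
    # Assumption: a single corporate egress range that is allowed to reach SSH
    Type: String
    Description: CIDR allowed to open SSH to the instance
    AllowedPattern: ^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$
  LatestAmiId:
    # Updated AMI: resolved from the AWS public SSM parameter at deploy time,
    # so the template never pins a stale image ID
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64

Resources:
  InstanceSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SSH only from the admin range, HTTPS egress only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref AdminCidr
      # Declaring egress replaces the implicit allow-all outbound rule
      SecurityGroupEgress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0

  SecureInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref LatestAmiId
      InstanceType: t3.micro
      KeyName: !Ref KeyName
      SubnetId: !Ref SubnetId
      SecurityGroupIds:
        - !Ref InstanceSG
      BlockDeviceMappings:
        - DeviceName: /dev/xvda   # root device of the Amazon Linux 2023 AMI
          Ebs:
            VolumeType: gp3
            VolumeSize: 8
            Encrypted: true       # encrypted at rest with the account's default EBS KMS key
            DeleteOnTermination: true
      Tags:
        - Key: Name
          Value: secure-instance

Outputs:
  InstanceId:
    Value: !Ref SecureInstance
```

Deploy with the usual `aws cloudformation deploy --template-file template.yaml --stack-name secure-ec2 --parameter-overrides KeyName=... VpcId=... SubnetId=... AdminCidr=...`. Before deploying, a quick check that the template still satisfies the four steps is to grep it for `Encrypted: true`, a `SecurityGroupIds` reference and the absence of any literal `ami-` ID; tools such as cfn-lint or cfn_nag automate the same checks and will flag a `0.0.0.0/0` ingress on port 22 if someone later loosens `AdminCidr`.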