AWS-EC2-Instances-Managed

Severity: Medium

Description: This control checks that EC2 instances are managed by AWS Systems Manager, so that operational data across multiple services can be viewed and acted on from one place. Systems Manager helps maintain security and compliance by scanning managed nodes and reporting the policy violations it detects. It simplifies resource and application management, shortens the time needed to detect and resolve operational problems, and helps you operate and manage your AWS infrastructure securely at scale.

Remediation Steps:

Perform the following to bring an instance under SSM management:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com.

  2. Navigate to the EC2 console.

  3. In the navigation pane, under Instances, choose Instances.

  4. Choose your EC2 instance from the list.

  5. In the Actions menu, choose Security, then Modify IAM role.

  6. For IAM role, select the instance profile created for Systems Manager, i.e. the one attached to the AWS managed policies AmazonSSMManagedInstanceCore and AmazonSSMDirectoryServiceAccess.

  7. Choose Apply.

Important:

  • When the IAM instance profile changes, it might take some time for the instance credentials to refresh. SSM Agent won't process requests until this happens. To speed up the refresh, restart SSM Agent or restart the instance.
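The following is an added example, not part of this control's original text or of any vendor tool: it implements the check behind this control on the dict shapes returned by boto3's `ec2.describe_instances()` and `ssm.describe_instance_information()`, so it can be run offline on the constructed sample below or fed live responses. It assumes an instance counts as managed only when SSM Agent reports `PingStatus` of `Online`, and it separates the common root cause (no instance profile attached at all) from an attached profile whose agent is not checking in.

```python
# Added example: find running EC2 instances that are not managed by Systems Manager.
# Input dicts follow the response shapes of boto3 ec2.describe_instances() and
# ssm.describe_instance_information(); no AWS calls are made here.

def running_instances(ec2_resp):
    """Map InstanceId -> instance profile ARN (or None) for running instances."""
    result = {}
    for reservation in ec2_resp.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") != "running":
                continue  # stopped/terminated instances cannot be managed anyway
            result[inst["InstanceId"]] = inst.get("IamInstanceProfile", {}).get("Arn")
    return result

def managed_instance_ids(ssm_resp):
    """Instance IDs whose SSM Agent has registered and is currently Online (assumption)."""
    return {
        info["InstanceId"]
        for info in ssm_resp.get("InstanceInformationList", [])
        if info.get("PingStatus") == "Online"
    }

def find_unmanaged(ec2_resp, ssm_resp):
    """Return sorted (instance_id, finding) pairs for running instances not managed by SSM."""
    managed = managed_instance_ids(ssm_resp)
    findings = []
    for instance_id, profile in sorted(running_instances(ec2_resp).items()):
        if instance_id in managed:
            continue
        if profile is None:
            findings.append((instance_id, "no IAM instance profile attached"))
        else:
            findings.append((instance_id, f"profile {profile} attached but SSM Agent is not Online"))
    return findings

# Constructed sample responses (placeholder account and instance IDs, not real).
SAMPLE_EC2 = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa", "State": {"Name": "running"},
     "IamInstanceProfile": {"Arn": "arn:aws:iam::111111111111:instance-profile/ssm-profile"}},
    {"InstanceId": "i-0bbb", "State": {"Name": "running"}},
    {"InstanceId": "i-0ccc", "State": {"Name": "running"},
     "IamInstanceProfile": {"Arn": "arn:aws:iam::111111111111:instance-profile/legacy"}},
    {"InstanceId": "i-0ddd", "State": {"Name": "stopped"}},
]}]}
SAMPLE_SSM = {"InstanceInformationList": [
    {"InstanceId": "i-0aaa", "PingStatus": "Online"},
    {"InstanceId": "i-0ccc", "PingStatus": "ConnectionLost"},
]}

if __name__ == "__main__":
    for instance_id, finding in find_unmanaged(SAMPLE_EC2, SAMPLE_SSM):
        print(f"{instance_id}: {finding}")
```

Instances reported with "no IAM instance profile attached" are the ones the remediation steps above fix; a profile that is attached but not Online usually points at the credential-refresh delay noted above or at an agent that is not installed or running.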

Reference:

Blue Hexagon Proprietary