HIGH
Source: CloudSploit
ID: detect-ec2-classic-instances

Detect EC2 Classic Instances

Ensures AWS VPC is being used for instances instead of EC2 Classic

VPCs are the latest and more secure method of launching AWS resources. EC2 Classic should not be used.

Follow the appropriate remediation steps below to resolve the issue.

  1. Log in to the AWS Management Console.

  2. Select the “Services” option and search for EC2.

  3. On the EC2 dashboard, check the “Account Attributes”. If the supported platform’s status is set to VPC and EC2, then the selected account supports both EC2-Classic and EC2-VPC platforms.

  4. Select the “Instances” option on the left navigation panel to verify whether any instances are launched under “EC2-Classic”.

  5. Select the “EC2 instance” and select the “Details” tab from the bottom panel. If the “VPC Id” parameter has no value assigned, the selected EC2 instance was launched within EC2-Classic.

  6. Repeat steps number 2 - 5 to verify other “EC2 instances” in the selected region.

  7. Navigate to “Instances” under the EC2 dashboard and copy all the Security Group settings of your selected instance.

  8. Select the “EC2-Classic” instance and select the “Action” button from the top menu. Select the “Image” option and select “Create Image” to create the AMI of the selected “EC2-Classic” instance.

  9. On the “Create Image” tab, enter the Image Name and Image Description and click on the “Create Image” option at the bottom to make the changes.

  10. Go back to the EC2 dashboard and click “Launch instances”. Navigate to “My AMIs” and select the “EC2-Classic” AMI by clicking the “Select” button on the right.

  11. Select the “Instance Type” as per the requirement and click on the “Next: Configure Instance Details” button at the bottom.

  12. On the “Configure Instance Details” page, select the “VPC” option under Network and make other changes as per requirement. Click on the “Next: Add Storage” button at the bottom and select the “Storage” as per the need.

  13. On the “Security Group” page, enter the same rules which we copied in step 7 and click on the “Review and Launch” button.

  14. Click on the “View Instances” option to return to the Instance page and check whether the new EC2-VPC instance has cleared all the status checks.

  15. Once the new EC2-VPC instance is working fine, terminate the older EC2-Classic instance.

  16. Repeat steps number 7 - 15 to migrate instances from EC2 Classic to VPC.
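
The checks in steps 3 to 7 can also be run over saved AWS CLI output instead of clicking through each instance. The following is an added example, not CloudSploit's own code: it assumes JSON in the shape returned by `aws ec2 describe-account-attributes` and `aws ec2 describe-instances`, the sample data is constructed, and the function names are hypothetical.

```python
import json

# Constructed sample data in the shape returned by
# `aws ec2 describe-account-attributes` and `aws ec2 describe-instances`.
SAMPLE_ATTRIBUTES = json.loads("""{"AccountAttributes": [
  {"AttributeName": "supported-platforms",
   "AttributeValues": [{"AttributeValue": "EC2"}, {"AttributeValue": "VPC"}]}]}""")
SAMPLE_INSTANCES = json.loads("""{"Reservations": [
  {"Instances": [
    {"InstanceId": "i-0aaa0000000000001", "State": {"Name": "running"},
     "SecurityGroups": [{"GroupName": "web-classic", "GroupId": "sg-0c1a551c"}]},
    {"InstanceId": "i-0aaa0000000000002", "State": {"Name": "running"},
     "VpcId": "vpc-0example", "SecurityGroups": [{"GroupName": "web", "GroupId": "sg-0example2"}]}]},
  {"Instances": [
    {"InstanceId": "i-0aaa0000000000003", "State": {"Name": "terminated"},
     "SecurityGroups": []}]}]}""")


def account_supports_classic(attributes):
    """Step 3: True if supported-platforms includes "EC2" (EC2-Classic)."""
    for attr in attributes.get("AccountAttributes", []):
        if attr.get("AttributeName") == "supported-platforms":
            values = {v.get("AttributeValue") for v in attr.get("AttributeValues", [])}
            return "EC2" in values
    return False


def find_classic_instances(described):
    """Steps 4-7: instances with no VpcId, plus the security groups to copy."""
    findings = []
    for reservation in described.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            # Terminated instances need no migration and may report no VpcId.
            if inst.get("State", {}).get("Name") == "terminated":
                continue
            if not inst.get("VpcId"):
                groups = [g.get("GroupName") for g in inst.get("SecurityGroups", [])]
                findings.append({"InstanceId": inst["InstanceId"], "SecurityGroups": groups})
    return findings


if __name__ == "__main__":
    print("Account supports EC2-Classic:", account_supports_classic(SAMPLE_ATTRIBUTES))
    for finding in find_classic_instances(SAMPLE_INSTANCES):
        print(finding["InstanceId"], "is EC2-Classic; groups:", finding["SecurityGroups"])
```

Run the check once per region, since `describe-instances` only returns instances in the region it was called against.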