HIGH
Source
CloudSploit
ID
instance-iam-role

Instance IAM Role

Ensures EC2 instances are using an IAM role instead of hard-coded AWS credentials

IAM roles should be assigned to all instances to enable them to access AWS resources. Using an IAM role is more secure than hard-coding AWS access keys into application code.

Follow the appropriate remediation steps below to resolve the issue.

  1. Log in to the AWS Management Console.

  2. Select the “Services” option and search for EC2.

  3. Scroll down the left navigation panel and choose “Instances”.

  4. Select the “EC2 Instance” that needs to be verified, scroll down and click on the “Details” tab.

  5. On the “Details” tab scroll down and check the “IAM role” attribute value. If no value has been assigned, then the selected “EC2 Instance” has no “IAM role” assigned.

  6. Repeat steps 2 to 5 to cross-check the other “EC2 Instances” in the selected AWS region.

  7. Navigate to the “IAM” dashboard using the “Services” option.

  8. Scroll down the left panel and choose “Roles”.

  9. On the “Roles” page click on the “Create Role” button to create a new “IAM role”.

  10. On the “Create Role” page choose “AWS service”, choose “EC2” and click on the “Next: Permissions” button at the bottom.

  11. On the “Attach permissions policies” page search for the “AmazonEC2FullAccess” policy from the “Filter policies” search bar, which provides full access to all AWS EC2 services and resources. Click on the “Next: Tags” button to continue.

  12. On the “Add tags” page provide a “Key” and “Value” which can help to organize, track, or control access for the selected “IAM role”. Click on the “Next: Review” button to continue the process.

  13. Provide a “Role name” and click on the “Create role” button to create the selected “IAM role”.

  14. Navigate to the “EC2” dashboard and select the “EC2 Instance” to which the “IAM role” needs to be attached.

  15. Click on the “Actions” button at the top to create an “Amazon Machine Image” of the selected “EC2 Instance”: choose the “Image and templates” option under the “Actions” dropdown menu and click on “Create Image”.

  16. In the “Create Image” dialog box provide an “Image Name” and “Image Description”. Click on the “Create Image” button at the bottom to create the “Amazon Machine Image” of the selected “EC2 Instance”.

  17. Once the “Amazon Machine Image” is ready, click on the “Launch” button to create a new “EC2 Instance” from the image created.

  18. On the “Configure Instance Details” page scroll down, choose the newly created “IAM role” from the dropdown menu and click on the “Review and Launch” button to create a new “EC2 Instance” with the “IAM role” attached.

  19. Once the new “EC2 Instance” is deployed and working fine, terminate the older “EC2 Instance”.
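The console walk-through above checks one instance at a time. The following script, added here as an example and not part of CloudSploit's own plugin code, applies the same check (instance has no IAM instance profile attached) to the JSON shape returned by ec2:DescribeInstances, so a whole region can be audited in one pass. The sample response, the instance ids and the `app-role` profile name are constructed; the live `scan_region` helper assumes boto3 and AWS credentials are available.

```python
"""Flag EC2 instances that have no IAM instance profile attached.

Same condition as the CloudSploit instance-iam-role check, evaluated over
the ec2:DescribeInstances response structure.
"""

# Constructed sample response (only the fields the check needs).
# Instance ids, account id and profile name are placeholders.
SAMPLE_DESCRIBE_INSTANCES = {
    "Reservations": [
        {"Instances": [
            {"InstanceId": "i-0000000000000aaaa",
             "State": {"Name": "running"},
             "IamInstanceProfile": {
                 "Arn": "arn:aws:iam::123456789012:instance-profile/app-role"}},
            {"InstanceId": "i-0000000000000bbbb",
             "State": {"Name": "running"}},
        ]},
        {"Instances": [
            {"InstanceId": "i-0000000000000cccc",
             "State": {"Name": "terminated"}},
        ]},
    ]
}


def instances_without_role(response, skip_states=("terminated", "shutting-down")):
    """Return ids of instances that have no IamInstanceProfile attached.

    Instances in skip_states are ignored: a terminated instance cannot be
    remediated and would only add noise to the finding list.
    """
    missing = []
    for reservation in response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") in skip_states:
                continue
            profile = inst.get("IamInstanceProfile") or {}
            if not profile.get("Arn"):
                missing.append(inst["InstanceId"])
    return missing


def scan_region(region):
    """Live variant: page through DescribeInstances with boto3 (assumed available)."""
    import boto3  # imported here so the offline sample runs without boto3 installed
    ec2 = boto3.client("ec2", region_name=region)
    findings = []
    for page in ec2.get_paginator("describe_instances").paginate():
        findings.extend(instances_without_role(page))
    return findings


if __name__ == "__main__":
    print(instances_without_role(SAMPLE_DESCRIBE_INSTANCES))
```

Each id the script reports is an instance to carry through steps 7 to 19 above.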