Resource Type: AWS > EC2 > Instance

The EC2 Instance resource type is part of the AWS Elastic Cloud Compute (EC2) service. Each EC2 Instance represents a virtual server that can run applications and services.

Resource Context

Instance is a part of the EC2 service.

Each Instance lives under a Region.

Controls

The primary controls for AWS > EC2 > Instance are:

It is also targeted by these controls:

AWS > CIS v2.0 > 1 - Identity and Access Management > 1.18 - Ensure IAM instance roles are used for AWS resource access from instances
AWS > CIS v2.0 > 5 - Networking > 5.06 - Ensure that EC2 Metadata Service only allows IMDSv2
AWS > CIS v3.0 > 1 - Identity and Access Management > 1.18 - Ensure IAM instance roles are used for AWS resource access from instances
AWS > CIS v3.0 > 5 - Networking > 5.06 - Ensure that EC2 Metadata Service only allows IMDSv2
AWS > CIS v4.0 > 1 - Identity and Access Management > 1.18 - Ensure IAM instance roles are used for AWS resource access from instances
AWS > CIS v4.0 > 5 - Networking > 5.07 - Ensure that the EC2 Metadata Service only allows IMDSv2
AWS > CIS v5.0 > 1 - Identity and Access Management > 1.17 - Ensure IAM instance roles are used for AWS resource access from instances
AWS > CIS v5.0 > 5 - Networking > 5.07 - Ensure that the EC2 Metadata Service only allows IMDSv2
AWS > CIS v6.0 > 2 - Identity and Access Management > 2.17 - Ensure IAM instance roles are used for AWS resource access from instances
AWS > CIS v6.0 > 6 - Networking > 6.07 - Ensure that the EC2 Metadata Service only allows IMDSv2
AWS > HIPAA > EC2 > EC2 instance should have EBS optimization enabled
AWS > HIPAA > EC2 > EC2 instances should be in a VPC
AWS > HIPAA > EC2 > EC2 instances should be managed by AWS Systems Manager
AWS > HIPAA > EC2 > EC2 instances should be protected by backup plan
AWS > HIPAA > EC2 > EC2 instances should not have a public IP address
AWS > HIPAA > EC2 > EC2 stopped instances should be removed in 30 days
AWS > NIST 800-53 > EC2 > EC2 instance detailed monitoring should be enabled
AWS > NIST 800-53 > EC2 > EC2 instances should be in a VPC
AWS > NIST 800-53 > EC2 > EC2 instances should be managed by AWS Systems Manager
AWS > NIST 800-53 > EC2 > EC2 instances should have IAM profile attached
AWS > NIST 800-53 > EC2 > EC2 instances should not have a public IP address
AWS > NIST 800-53 > EC2 > EC2 instances should use IMDSv2
AWS > NIST 800-53 > EC2 > EC2 stopped instances should be removed in 30 days
AWS > PCI v3.2.1 > SSM > 3 EC2 instances should be managed by AWS Systems Manager

Quick Actions

In Your Workspace

Developers

Resource Type URI

tmod:@turbot/aws-ec2#/resource/types/instance

Category URI

tmod:@turbot/turbot#/resource/categories/computeServer

GraphQL

query resource(id: "tmod:@turbot/aws-ec2#/resource/types/instance") { … }

query resourceActivities(filter: "resourceId:'tmod:@turbot/aws-ec2#/resource/types/instance'") { … }

mutation createResource(input: { … })

mutation updateResource(input: { … })

CLI

Get Resource

turbot graphql resource --id "tmod:@turbot/aws-ec2#/resource/types/instance"

Steampipe Query

Get Resource

select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/aws-ec2#/resource/types/instance';

Get Policy Settings (By Resource ID)

select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/aws-ec2#/resource/types/instance"';

Get Resource Notification

select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/aws-ec2#/resource/types/instance' and notification_type in ('resource_updated', 'resource_created');