Description: 

Identify and re-launch any running AWS EC2 instances older than 12 months to ensure their reliability. An EC2 instance is not supposed to run indefinitely in the cloud, and having very old instances within your AWS account could increase the risk of potential issues. Stopping and relaunching your old EC2 instances will reallocate them to different and possibly more reliable underlying hardware.


Rationale:  

It’s important to have Amazon Machine Images that are not older than 6 months, as this helps ensure the images are not vulnerable to external attacks.


Impact:

Stopping and relaunching your old EC2 instances will reallocate them to different and possibly more reliable underlying hardware (host machine).


Default value:

Each AMI has a launch permission property that controls which AWS accounts, besides the owners, are allowed to use that AMI to launch instances. By modifying the launch permission property of an AMI, you can make the AMI public (which grants launch permissions to all AWS accounts) or share it with only the AWS accounts that you specify.


Pre-Requisite:

  1. Make sure you are accessing the root account.

  2. After you create an AMI, you can keep it private so that only you can use it, or you can share it with a specified list of AWS accounts.


Remediation

Test Plan:  

To share a public AMI using the console

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, choose Instances.

  3. Select the EC2 instance that you want to examine. The Instance State for the selected EC2 instance must be 'running'.

  4. Select the Details tab from the dashboard bottom panel.

  5. In the right column, check the Launch time parameter value.

  6. Use the Launch time to determine the instance's active age. If the selected EC2 instance's active age is greater than 12 months, the instance is considered old and requires a restart.

  7. Repeat steps 4 – 6 to verify the launch date for the other instances available in the current region.

  8. Change the AWS region from the navigation bar and repeat the audit process for the other regions.

 

CLI COMMANDS

To get the current launch time of an instance (the command is one line; the backslashes continue it across lines, and the flag is --instance-ids)

aws ec2 describe-instances \
    --region us-east-1 \
    --instance-ids <value> \
    --query 'Reservations[*].Instances[*].LaunchTime'
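The audit above (compare each running instance's Launch time with the 12-month threshold, one region at a time) as an added script; it is not part of this page or of AWS's own tooling. It reads the JSON that `aws ec2 describe-instances --output json` prints on stdin and lists the running instances older than the threshold. The `ec2_age.py` file name, the sample data and its instance IDs are constructed for illustration.

```python
"""Flag running EC2 instances whose LaunchTime is older than a threshold.

Usage (one region at a time; repeat with --region for each region):
    aws ec2 describe-instances --region us-east-1 --output json | python ec2_age.py
"""
import json
import sys
from datetime import datetime, timedelta, timezone

MAX_AGE_DAYS = 365  # the control's 12-month threshold


def parse_time(value: str) -> datetime:
    """Parse the ISO-8601 timestamps the CLI prints ('...+00:00' or '...Z')."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def find_old_instances(describe_output: dict, now_iso: str, max_age_days: int = MAX_AGE_DAYS) -> list:
    """Return (InstanceId, age in days) for running instances older than max_age_days.

    Only running instances are reported: a stop/start resets LaunchTime, and a
    stopped instance is not sitting on any host.
    """
    now = parse_time(now_iso)
    old = []
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") != "running":
                continue
            age = now - parse_time(inst["LaunchTime"])
            if age > timedelta(days=max_age_days):
                old.append((inst["InstanceId"], age.days))
    return old


# Constructed sample in the shape describe-instances returns; the IDs are made up.
SAMPLE = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0123456789abcdef0", "State": {"Name": "running"},
     "LaunchTime": "2022-01-10T09:00:00+00:00"},
    {"InstanceId": "i-0fedcba9876543210", "State": {"Name": "running"},
     "LaunchTime": "2024-03-01T12:00:00Z"},
    {"InstanceId": "i-0aaaaaaaaaaaaaaaa", "State": {"Name": "stopped"},
     "LaunchTime": "2020-06-01T00:00:00+00:00"},
]}]}

if __name__ == "__main__":
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for instance_id, days in find_old_instances(data, datetime.now(timezone.utc).isoformat()):
        print(f"{instance_id}: running {days} days (> {MAX_AGE_DAYS}); schedule a stop/start")
```

Run with no stdin to see the constructed sample flagged; pipe in real CLI output to audit a region.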

Implementation steps:

To share a public AMI using the console

Step 01: Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

Step 02: In the navigation pane, choose Instances.

Step 03: Scroll the instance list to the Launch time column to find the date on which each instance was launched.

Step 04: Click on the instance you want to restart.

Step 05: Click the Instance state dropdown button in the dashboard top menu, then click Stop instance.

Step 06: For confirmation, it will ask you again to click Stop.

Step 07: Start the EC2 instance that was stopped in the previous step; this changes its launch time.

Step 08: Make sure the instance data is unchanged.

 CLI COMMANDS

To stop an instance (the backslashes continue the command across lines)

aws ec2 stop-instances \
    --region us-east-1 \
    --instance-ids i-0c41af2ddee0308d6

To start an instance

aws ec2 start-instances --instance-ids i-1234567890abcdef0

Back out plan:

  • When the instance is stopped and started, the virtual machine provisioned for you is moved to another host, and its IP address will change.

 Reference: 

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sharingamis-intro.html