Profile Applicability:

Level 1

Description:

AWS Lightsail allows users to create instances that can be attached to storage buckets. Ensuring that Lightsail instances are attached to the appropriate buckets is essential for managing and storing data. By configuring the instances correctly, you ensure that data is available for the applications running on these instances.

Rationale:

Attaching Lightsail instances to buckets ensures that:

  • Data is properly stored and accessible by the instances.

  • Proper management of storage resources for the Lightsail instances.

  • Simplified backup, security, and resource management.

Default Value:

By default, Lightsail instances are not automatically attached to any buckets. The user must configure them to attach instances to the required buckets.

Impact:

  • Pros:

    • Improved data management and access control.

    • Simplified backup and recovery of data associated with instances.

  • Cons:

    • Misconfiguration could lead to data being inaccessible or improperly managed.

    • Requires careful monitoring to ensure that the correct instances are linked to the appropriate buckets.

Remediation:

Test Plan:

Using AWS Console:

  1. Log in to the AWS Console at AWS Console.

  2. Navigate to Lightsail under Compute.

  3. Go to the Instances tab and select the Lightsail instance you want to attach to a bucket.

  4. Click on the Networking tab to configure network settings.

  5. Ensure that the correct bucket is selected in the Attach Storage section.

  6. Attach the required bucket to the instance.

Using AWS CLI:

  1. Run the following command to list all available Lightsail instances:

    aws lightsail get-instances

  2. Identify the instance to which you want to attach a bucket.

  3. Run the following command to attach the storage bucket to the selected instance:

    aws lightsail attach-disk --disk-name <disk-name> --instance-name <instance-name>

Implementation Plan:

Using AWS Console:

  1. Log in to the AWS Console at AWS Console.

  2. Navigate to Lightsail and review the available instances and buckets.

  3. Select the instance that needs to be attached to a bucket.

  4. Attach the required bucket to the instance.

Using AWS CLI:

  1. List the available instances and disks using the following commands:

     aws lightsail get-instances
aws lightsail get-disks

  1. Attach the required disk to the instance using the attach-disk command:

    aws lightsail attach-disk --disk-name <disk-name> --instance-name <instance-name>

Backout Plan:

Using AWS Console:

  1. If the wrong instance is attached to a bucket, log in to the AWS Console.

  2. Navigate to Lightsail and go to the Instances section.

  3. Detach the incorrect bucket and reattach the correct one.

Using AWS CLI:

  1. Detach the incorrect disk using the following command:

    aws lightsail detach-disk --disk-name <incorrect-disk-name> --instance-name <instance-name>

  2. Attach the correct disk using the appropriate command:

    aws lightsail attach-disk --disk-name <correct-disk-name> --instance-name <instance-name>

References:

CIS Controls:

Version

Control ID

Control Description

v8

3.4

Ensure that Lightsail instances are attached to the correct buckets to manage and store data effectively.

v7

14.2

Implement proper attachment of instances to storage resources, ensuring that access to critical data is streamlined and secure.