AWS Config Rule: EC2 Desired Instance Tenancy
DESIRED_INSTANCE_TENANCY
Eduardo Van Cauteren
Last Update 2 years ago
Description: Checks EC2 instances for a 'tenancy' value. Also checks if AMI IDs are specified to be launched from those AMIs or if Host IDs are launched on those Dedicated Hosts. The rule is COMPLIANT if the instance matches a host and an AMI, if specified, in a list.
Trigger type: Configuration changes
AWS Region: All supported AWS regions
How to Resolve Manually
This AWS Config rule checks whether EC2 instances are launched with a specific tenancy type: DEDICATED, HOST, or DEFAULT (shared). If an instance is launched with a tenancy different from the expected type, it is flagged as non-compliant.
According to AWS documentation, changing from a shared tenancy to either Dedicated Instance or Dedicated Host directly after launch is not supported. Therefore, you will need to evaluate and select the most appropriate method for your organization. For additional details, please refer to the AWS documentation.
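The check can be reproduced offline to list which instances would need to be rebuilt. The following is an added example, not AWS's or StackZone's code: it follows the description above literally, the function names are hypothetical, the AMI and host lists are assumed to be comma-separated, and the instance records are constructed in the shape of `aws ec2 describe-instances` output.

```python
# Added example: offline evaluation of the tenancy check as the description states it.
# Assumption: AMI and host lists are comma-separated; a missing list is "not specified".

def parse_csv(value):
    """Split a comma-separated parameter into a set; empty or None yields an empty set."""
    return {v.strip() for v in (value or "").split(",") if v.strip()}

def evaluate(instance, tenancy, image_ids=None, host_ids=None):
    """Return (compliance, reason) for one instance record."""
    placement = instance.get("Placement", {})
    # describe-instances reports tenancy in lowercase; the rule values are uppercase.
    actual = placement.get("Tenancy", "default").upper()
    if actual != tenancy.upper():
        return "NON_COMPLIANT", f"tenancy is {actual}, expected {tenancy.upper()}"
    allowed_amis = parse_csv(image_ids)
    if allowed_amis and instance.get("ImageId") not in allowed_amis:
        return "NON_COMPLIANT", f"AMI {instance.get('ImageId')} is not in the allowed list"
    allowed_hosts = parse_csv(host_ids)
    if allowed_hosts and placement.get("HostId") not in allowed_hosts:
        return "NON_COMPLIANT", f"host {placement.get('HostId')} is not in the allowed list"
    return "COMPLIANT", "matches the desired tenancy"

def audit(instances, tenancy, image_ids=None, host_ids=None):
    """Map instance ID to (compliance, reason) so rebuild candidates are easy to list."""
    return {i["InstanceId"]: evaluate(i, tenancy, image_ids, host_ids) for i in instances}

# Constructed sample records; every ID below is a placeholder, not a real resource.
SAMPLE = [
    {"InstanceId": "i-EXAMPLE-A", "ImageId": "ami-EXAMPLE-1",
     "Placement": {"Tenancy": "dedicated"}},
    {"InstanceId": "i-EXAMPLE-B", "ImageId": "ami-EXAMPLE-1",
     "Placement": {"Tenancy": "default"}},
    {"InstanceId": "i-EXAMPLE-C", "ImageId": "ami-EXAMPLE-9",
     "Placement": {"Tenancy": "dedicated"}},
    {"InstanceId": "i-EXAMPLE-D", "ImageId": "ami-EXAMPLE-1",
     "Placement": {"Tenancy": "host", "HostId": "h-EXAMPLE-1"}},
]

if __name__ == "__main__":
    allowed = "ami-EXAMPLE-1, ami-EXAMPLE-2"
    for iid, (status, reason) in audit(SAMPLE, "DEDICATED", image_ids=allowed).items():
        print(f"{iid}: {status} ({reason})")
```

Instances reported as NON_COMPLIANT for tenancy are the ones that cannot be fixed in place and have to be relaunched from an AMI.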
One way to address this issue could be to create a snapshot of the volume, create an AMI from the instance, and then launch a new instance with the desired tenancy.
When launching a new instance, you can find this option under Advanced details > Tenancy. Please refer to the image below:

