AWS Config Rule: EC2 Instance Stop Protection Enabled

EC2_STOP_PROTECTION_ENABLED

Ryan Ware

Last Update 9 months ago

Description: Checks whether EC2 Instances have Stop Protection Enabled. The rule is NON_COMPLIANT if the EC2 Instance has Stop Protection disabled.


Trigger type: Periodic


AWS Region: All supported AWS regions except Asia Pacific (Osaka) Region


How To Resolve Manually

If EC2 Stop Protection is enabled, IAM and SSO users in the AWS Console, and users logged in to your AWS account via the command line, will not be able to stop the EC2 instance. This offers a small layer of protection against accidentally stopping your EC2 instances.


When this config rule is enabled, each EC2 Instance in your account will be checked, and flagged as NON_COMPLIANT if AWS Config detects that Stop Protection is disabled.


In order to resolve this manually, head over to your EC2 Dashboard and choose your EC2 Instance. You will want to choose Actions from the top right menu, followed by Instance Settings and then Change Stop Protection.


Enable this via the tick box from the menu which appears and press Save! That's it - you have enabled EC2 Stop Protection for your instance.


How To Resolve with StackZone

You can resolve any NON_COMPLIANT resources with StackZone by enabling the remediation for this Config Rule.


The remediation will find any EC2 Resources marked NON_COMPLIANT and enable EC2 Stop Protection for each resource found.


To enable this remediation for your StackZone deployment, head on over to Provisioning / Baseline Services / AWS Config Rules Regional / Amazon EC2 and enable EC2 Instance Stop Protection Enabled Remediation.
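The check and the fix described above, expressed against the EC2 API's `disableApiStop` instance attribute. This is an added example, not StackZone's or AWS Config's own code; `FakeEC2`, `SAMPLE` and the instance IDs are constructed so it runs offline, and skipping Spot Instances (which do not support stop protection) and terminated instances is this example's choice.

```python
SKIP_STATES = {"shutting-down", "terminated"}  # nothing left to protect

def find_unprotected(ec2):
    """Return IDs of instances whose disableApiStop attribute is False."""
    unprotected = []
    for page in ec2.get_paginator("describe_instances").paginate():
        for reservation in page["Reservations"]:
            for inst in reservation["Instances"]:
                # Spot Instances do not support stop protection, so skip them.
                if (inst.get("InstanceLifecycle") == "spot"
                        or inst["State"]["Name"] in SKIP_STATES):
                    continue
                attr = ec2.describe_instance_attribute(
                    InstanceId=inst["InstanceId"], Attribute="disableApiStop")
                if not attr["DisableApiStop"]["Value"]:
                    unprotected.append(inst["InstanceId"])
    return unprotected

def remediate(ec2, apply=False):
    """Report unprotected instances; enable stop protection only if apply=True."""
    targets = find_unprotected(ec2)
    if apply:
        for instance_id in targets:
            ec2.modify_instance_attribute(
                InstanceId=instance_id, DisableApiStop={"Value": True})
    return targets

class FakeEC2:
    """Constructed stand-in for boto3.client("ec2") so the example runs offline."""
    def __init__(self, instances):
        self.instances = instances  # id -> [state, is_spot, protected]
    def get_paginator(self, _operation):
        return self
    def paginate(self):
        yield {"Reservations": [{"Instances": [
            dict({"InstanceId": i, "State": {"Name": s}},
                 **({"InstanceLifecycle": "spot"} if spot else {}))
            for i, (s, spot, _) in self.instances.items()]}]}
    def describe_instance_attribute(self, InstanceId, Attribute):
        return {"DisableApiStop": {"Value": self.instances[InstanceId][2]}}
    def modify_instance_attribute(self, InstanceId, DisableApiStop):
        self.instances[InstanceId][2] = DisableApiStop["Value"]

# Constructed sample fleet: id -> [state, is_spot, stop_protection_enabled]
SAMPLE = {"i-0aaa": ["running", False, True], "i-0bbb": ["running", False, False],
          "i-0ccc": ["stopped", False, False], "i-0ddd": ["running", True, False],
          "i-0eee": ["terminated", False, False]}

if __name__ == "__main__":
    print(remediate(FakeEC2(SAMPLE), apply=True))
```

For real use, pass `boto3.client("ec2")` in place of `FakeEC2`; the caller needs `ec2:DescribeInstances`, `ec2:DescribeInstanceAttribute` and `ec2:ModifyInstanceAttribute`.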

