EC2 Not EBS Optimized

  • Query id: 338b6cab-961d-4998-bb49-e5b6a11c9a5c
  • Query name: EC2 Not EBS Optimized
  • Platform: Ansible
  • Severity: Info
  • Category: Best Practices
  • CWE: 710
  • URL: Github

Description

It's considered a best practice for an EC2 instance to use an EBS optimized instance. This provides the best performance for your EBS volumes by minimizing contention between Amazon EBS I/O and other traffic from your instance
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
- name: example
  amazon.aws.ec2:
    key_name: mykey
    instance_type: t2.micro
    image: ami-123456
    wait: yes
    group: default
    count: 3
    vpc_subnet_id: subnet-29e63245
Positive test num. 2 - yaml file
- name: example2
  amazon.aws.ec2:
    key_name: mykey
    instance_type: t2.micro
    image: ami-123456
    wait: yes
    group: default
    count: 3
    vpc_subnet_id: subnet-29e63245
    ebs_optimized: false
Positive test num. 3 - yaml file
- name: example3
  amazon.aws.ec2:
    key_name: mykey
    image: ami-123456
    wait: yes
    group: default
    count: 3
    vpc_subnet_id: subnet-29e63245

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: example4
  amazon.aws.ec2:
    key_name: mykey
    image: ami-123456
    wait: yes
    group: my_sg
    count: 3
    vpc_subnet_id: subnet-29e63245
    ebs_optimized: true
Negative test num. 2 - yaml file
- name: example5
  amazon.aws.ec2:
    key_name: mykey
    instance_type: t3.nano
    image: ami-123456
    wait: yes
    group: my_sg
    count: 3
    vpc_subnet_id: subnet-29e63245
Negative test num. 3 - yaml file
- name: example5
  amazon.aws.ec2:
    key_name: mykey
    instance_type: t3.nano
    image: ami-123456
    wait: yes
    group: my_sg
    count: 3
    vpc_subnet_id: subnet-29e63245
    ebs_optimized: false