
Here are a couple of simple, yet often ignored, best practices around EC2 instance access.

Access to EC2 instances via Systems Manager Only (Management Access)

  • Management of EC2 instances should be done via Systems Manager (SSM), not over inbound SSH or RDP.
  • EC2 instances should be created with no ingress rules at all, with the SSM agent enabled and registered.
  • This removes the whole headache of whitelisting the IP addresses allowed to manage EC2 instances.

No Public IP on EC2 Instances  (Public/End User Access)

EC2 instances that need to be public facing should be fronted by a load balancer. The load balancer, not the EC2 instance, should be the only thing that exposes a public IP.
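The two rules above (no public IP, no ingress rules, management only through SSM) are easy to audit. The following is an added example, not the post's own tooling: it checks constructed dictionaries shaped like the boto3 responses so it runs offline; the instance IDs, security group IDs and addresses are made up.

```python
# Audit EC2 instances for the two rules above: no public IP, and no inbound
# security-group rules (management goes through SSM only). The dicts below are
# constructed to match the boto3 response shapes (ec2.describe_instances,
# ec2.describe_security_groups, ssm.describe_instance_information).

INSTANCES = [
    # Breaks both rules: public IP, SSH open to the world, not in SSM.
    {"InstanceId": "i-0aaa", "PublicIpAddress": "203.0.113.10",
     "SecurityGroups": [{"GroupId": "sg-web"}]},
    # Compliant: private only, empty ingress, managed by SSM.
    {"InstanceId": "i-0bbb", "SecurityGroups": [{"GroupId": "sg-noingress"}]},
    # No ingress and no public IP, but the SSM agent never registered.
    {"InstanceId": "i-0ccc", "SecurityGroups": [{"GroupId": "sg-noingress"}]},
]
SECURITY_GROUPS = {
    "sg-web": {"IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    "sg-noingress": {"IpPermissions": []},
}
SSM_MANAGED = {"i-0bbb"}  # InstanceIds returned by describe_instance_information

def describe_rule(perm):
    """Render one IpPermissions entry as 'proto ports <- sources'."""
    proto = "all" if perm["IpProtocol"] == "-1" else perm["IpProtocol"]
    ports = f'{perm["FromPort"]}-{perm["ToPort"]}' if "FromPort" in perm else "all"
    sources = ([r["CidrIp"] for r in perm.get("IpRanges", [])]
               + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
               + [g["GroupId"] for g in perm.get("UserIdGroupPairs", [])])
    return f"{proto} {ports} <- {','.join(sources) or 'none'}"

def audit_instance(inst, security_groups, ssm_managed):
    """Return the rule violations for one instance (empty list = compliant)."""
    findings = []
    if inst.get("PublicIpAddress"):
        findings.append("public IP assigned; expose it via a load balancer instead")
    for sg in inst.get("SecurityGroups", []):
        for perm in security_groups[sg["GroupId"]]["IpPermissions"]:
            findings.append(f'ingress in {sg["GroupId"]}: {describe_rule(perm)}')
    if inst["InstanceId"] not in ssm_managed:
        findings.append("not registered with SSM; no management path without ingress")
    return findings

def audit_all(instances=INSTANCES, security_groups=SECURITY_GROUPS,
              ssm_managed=SSM_MANAGED):
    """Map every InstanceId to its findings."""
    return {i["InstanceId"]: audit_instance(i, security_groups, ssm_managed)
            for i in instances}
```

Against a real account, feed audit_all the "Instances" entries from describe_instances, a GroupId-keyed dict from describe_security_groups, and the set of InstanceIds from describe_instance_information.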

Summary

IaaS-based compute is the most used service alongside storage. Protecting both management-level access and public access to these instances is key to ensuring a secure AWS environment.
