Description

To improve the management of heavy compute resources and prevent unexpected charges on your AWS bill, it is recommended to detect the launch of EC2 large instances. The alarm is configured to trigger whenever an AWS API call is made to provision a 4xlarge or 8xlarge EC2 instance.

Remediation

Here are the remediation steps for handling large EC2 instances were created:

  1. Identify the list of instances running in your AWS account using the EC2 console or command line interface.
  2. Filter the instances based on their instance type, you can for example look for instances that are 4xlarge or 8xlarge.
  3. If any instances are found that match this criteria, stop the instance using the EC2 console or command line interface.
  4. Once the instance has been stopped, you can either modify the instance type to a smaller size or terminate the instance altogether.
  5. If you need to replace the instance with a new one, ensure that you choose an instance type that is appropriate for your needs, based on the application's resource requirements.

It's important to note that before taking any remediation steps, you should always confirm that the instance is not being used for any critical applications or services. Additionally, it's a good practice to regularly monitor your AWS resources to ensure that no large instances are launched without proper authorization.

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.