Ensure EC2 instance uses an IAM profile

Security & Compliance

When an EC2 instance uses an IAM profile, it allows the instance to access other AWS services based on the permissions assigned to the IAM role. If an EC2 instance does not have an assigned IAM profile, it may be more difficult to manage permissions and enforce security policies, potentially leading to security vulnerabilities. Therefore, it is recommended to ensure that all EC2 instances have an associated IAM profile.


To ensure EC2 instances are using an IAM profile, you can take the following steps:

  1. Create an IAM role that has the necessary permissions for the EC2 instance to operate.
  2. Attach the IAM role to the EC2 instance by specifying the IAM role when you launch the instance, or by stopping the instance and modifying its configuration.
  3. Test the configuration to ensure that the IAM role is working correctly.

Additionally, you should also periodically review the IAM roles attached to your EC2 instances to ensure that they have the appropriate permissions and are still needed.

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.