Skip to main content
All CollectionsTemplatesIntermediate
Isolate an AWS EC2 Instance by using tags (AWS) - Workflow Template
Isolate an AWS EC2 Instance by using tags (AWS) - Workflow Template

When applying a specific Key:Value tag on an EC2 instance, apply a isolation security group and remove IAM Instance Role and apply new role

Updated over a week ago

This workflow template responds to AWS SNS events triggered by the addition of a specific Key:Value tag to an EC2 instance, implementing isolation measures for enhanced security. Upon event detection, the workflow obtains instance details, checks for the presence of an Isolation Security Group within the VPC, and creates one if needed. Then, it applies the security group to the instance, disassociates any existing IAM Instance Profile, and associates a predefined Isolation IAM Instance Profile. This automated process is essential for Cloud Security Posture Management (CSPM).

Trigger

Amazon SNS

Use Cases

CSPM

Workflow Breakdown

  1. Receive an event from AWS SNS based on a specific Key:Value tag

  2. Get Instance Details and find the VPC

  3. Check if an Isolation Security Group exists, if not create a new Security Group

  4. Apply the Isolation Security Group on the instance

  5. Check for an IAM Instance Profile on the Instance, if one exists disassociate it

  6. Apply an Isolation IAM Instance Profile on the instance

Vendors

AWS, Utils

Workflow Output

Isolate the EC2 Instance

Tips

Setup the SNS event using the EventBridge rule to send events on addition of specific tags to EC2 Instances

Did this answer your question?