This workflow sends a report of app-tier EC2 instances that have Elastic or public IP addresses. You can change the tag from Name=app-tier to your own tag. If any of your app-tier instances has an Elastic or public IP address, it is accessible from the internet.
It is an AWS best practice to launch every EC2 machine in an AWS Auto Scaling group to achieve zero downtime. This workflow sends a report of instances that were not launched in an Auto Scaling group.
Using the right tenancy model for your EC2 instances should reduce the concerns around security at the instance hypervisor level and promote better compliance.
It is an AWS best practice to stop and relaunch your old EC2 instances so that they are reallocated to updated and more reliable hardware. It is recommended to update instances older than 150 days.
It is an AWS best practice to use IAM roles rather than IAM access keys to sign AWS API requests, because roles provide more flexibility to manage permissions. This workflow sends a report of EC2 instances that are not using IAM roles.
This workflow sends a report of under-utilised (default 40%) EC2 instances. You can save cost by downsizing under-utilised EC2 instances.
It is an AWS best practice to enable data encryption in order to protect data from unauthorised personnel. AMI encryption is managed by AWS Key Management Service (KMS).
It is an AWS best practice to launch EC2 machines from an approved (golden) AMI. An approved AMI is an image of an EC2 instance that has all the necessary software and settings configured for your application, which helps with scaling and with quick, secure deployment.
It is an AWS best practice to remove unused ENIs, because AWS sets a service limit on them. Keeping a lot of unused ENIs can exhaust the resource limit and prevent new EC2 machines from launching.
It is an AWS best practice to remove all unused EC2 key pairs from your account. Doing so protects your EC2 machines by cutting off access for individuals who are no longer part of your organization but still have old key pairs.
AWS AMIs that you create might contain sensitive information, such as your application or its data, that should not be exposed outside your organisation. This workflow notifies you if any of your AWS AMIs are publicly shared.