Certified Security - Specialty

Compromised EC2 instance – Where is the official AWS documentation that shows method of isolation etc.?

I am looking for the official method and documentation on how to deal with a compromised EC2 instance?

2 Answers

Hi there,

I thought I had found something from AWS for this in the past, but now I can’t seem to find it. There is their Digital Forensics page, which has a PDF for how to respond to Incident Response.

One way to isolate an affected EC2 instance for investigation is to place it in a Security Group that only the forensic investigators can access. Close all ports except to receive inbound SSH or RDP traffic from one single IP address from which the investigators can safely examine the instance.
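
The isolation step described in the answer above, written against the boto3 EC2 client as an added example that is not part of the original thread or of AWS documentation. The function name, the group naming scheme, the `DryRunEC2` stand-in and all IDs and addresses are constructed for illustration; pass `boto3.client("ec2")` in place of the stand-in to act on a real instance.

```python
import ipaddress

ADMIN_PORTS = {"ssh": 22, "rdp": 3389}

def isolate_instance(ec2, instance_id, investigator_ip, protocol="ssh"):
    """Move the instance into a new group reachable only from one investigator IP."""
    # Exactly one IPv4 host: a CIDR range or a hostname raises ValueError.
    cidr = f"{ipaddress.IPv4Address(investigator_ip)}/32"
    port = ADMIN_PORTS[protocol]
    inst = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"][0]["Instances"][0]
    previous = [g["GroupId"] for g in inst["SecurityGroups"]]  # keep for the case record
    sg_id = ec2.create_security_group(
        GroupName=f"isolation-{instance_id}",
        Description=f"Forensic isolation for {instance_id}",
        VpcId=inst["VpcId"],
    )["GroupId"]
    # A new VPC security group starts with an allow-all egress rule; remove it.
    ec2.revoke_security_group_egress(
        GroupId=sg_id,
        IpPermissions=[{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
    )
    ec2.authorize_security_group_ingress(
        GroupId=sg_id,
        IpPermissions=[{"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
                        "IpRanges": [{"CidrIp": cidr, "Description": "forensic workstation"}]}],
    )
    # Groups replaces the whole list, so every previous group is detached.
    ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[sg_id])
    return sg_id, previous

class DryRunEC2:
    """Constructed stand-in for a boto3 EC2 client: records calls, returns canned data."""
    def __init__(self):
        self.calls = []
    def __getattr__(self, name):
        def call(**kwargs):
            self.calls.append((name, kwargs))
            return {
                "describe_instances": {"Reservations": [{"Instances": [{
                    "VpcId": "vpc-0example", "SecurityGroups": [{"GroupId": "sg-0web"}]}]}]},
                "create_security_group": {"GroupId": "sg-0isolate"},
            }.get(name, {})
        return call

if __name__ == "__main__":
    client = DryRunEC2()
    print(isolate_instance(client, "i-0example", "203.0.113.10"))
    for name, kwargs in client.calls:
        print(name, kwargs)
```

Security group changes do not interrupt connections that are already tracked, so check for established sessions on the instance after the swap.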