End of Life Notice: For Trend Cloud One™ - Conformity customers, Conformity will reach its End of Sale on July 31st, 2025 and End of Life on July 31st, 2026. The same capabilities and much more are available in Trend Vision One™ Cloud Risk Management. For details, please refer to Upgrade to Trend Vision One.

Account Instance Limit

Trend Vision One™ provides continuous assurance that gives peace of mind for your cloud infrastructure, delivering over 1100 automated best practice checks.

Risk Level: Very High (act immediately)
Rule ID: EC2-018

Determine if the number of Amazon EC2 instances provisioned in your AWS cloud account has reached the limit quota established by your organization for the workload deployed. By default, Trend Cloud One™ – Conformity sets a threshold value of 50 for the maximum number of provisioned EC2 instances. You can adjust this threshold to match your internal requirements when you enable this rule.

This rule can help you with the following compliance standards:

  • APRA
  • MAS

For further details on compliance standards supported by Conformity, see here.

This rule can help you work with the AWS Well-Architected Framework.

This rule resolution is part of the Conformity Security & Compliance tool for AWS.

Security

Monitoring and setting limits for the maximum number of Amazon EC2 instances provisioned in your AWS cloud account will help you to better manage your compute power and prevent unexpected charges on your AWS bill in case of auto-scaling misconfiguration or large Distributed Denial of Service (DDoS) attacks.

Note: The threshold for the maximum number of Amazon EC2 instances per AWS account set for this Conformity rule is 50 (default value).


Audit

To determine the total number of Amazon EC2 instances available in your AWS cloud account, perform the following operations:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to the Amazon EC2 console available at https://console.aws.amazon.com/ec2/.

03 In the left navigation panel, under Instances, choose Instances.

04 Check the total number of Amazon EC2 instances available within the current AWS cloud region, listed in the top-left section of the console, i.e., Instances (<number-of-ec2-instances>).

05 Change the AWS cloud region from the navigation bar and repeat step no. 4 for all other regions. If the total number of EC2 instances across all AWS regions is greater than 50, the default (recommended) threshold was exceeded. Therefore, you must take action and create an AWS support case to limit the number of EC2 instances based on your workload requirements.

Using AWS CLI

01 Run the describe-instances command (OSX/Linux/UNIX) with custom output filters to list the IDs of the Amazon EC2 instances provisioned in the selected AWS cloud region:

aws ec2 describe-instances \
	--region us-east-1 \
	--output table \
	--query 'Reservations[*].Instances[*].InstanceId'

02 The command output should return a table with the requested EC2 instance identifiers (IDs):

-------------------------
|   DescribeInstances   |
+-----------------------+
|  i-01234abcd1234abcd  |
|  i-0abcd1234abcd1234  |
|  i-0abcdabcdabcdabcd  |
|          ...          |
|  i-01234123412341234  |
|  i-0abcd1234abcd1234  |
|  i-01234abcd1234abcd  |
+-----------------------+

Each table row returned by the describe-instances command output represents an individual EC2 instance. Identify the total number of Amazon EC2 instances listed in the describe-instances command output.

03 Change the AWS cloud region by updating the --region command parameter and repeat steps no. 1 and 2 for all other regions. If the total number of Amazon EC2 instances across all AWS regions is greater than 50, the default (recommended) threshold was exceeded. Therefore, you must take action and create an AWS support case to limit the number of EC2 instances based on your workload requirements.
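
The CLI audit steps above as one script, added here as an example (not Trend Micro or AWS code): it counts instance IDs per region, sums them and compares the total with the rule's default threshold of 50. The function names, the THRESHOLD variable, the --all-regions switch and the ec2-count.sh file name are assumptions of this example.

```bash
#!/bin/sh
# Added example (not Trend Micro or AWS code): automates CLI audit steps 01-03.
# THRESHOLD defaults to 50, the rule's default; function names are illustrative.
THRESHOLD="${THRESHOLD:-50}"

# Count instance IDs in `--output text` output (IDs separated by tabs/newlines).
count_ids() {
  tr -s '[:space:]' '\n' | grep -c '^i-' || true
}

# Print "<region> <count>" for every region passed in, then "TOTAL <sum>".
# A failed API call aborts the audit instead of being counted as zero.
audit_regions() {
  local total region ids n
  total=0
  for region in "$@"; do
    ids=$(aws ec2 describe-instances --region "$region" --output text \
            --query 'Reservations[*].Instances[*].InstanceId') || {
      echo "describe-instances failed in $region" >&2
      return 2
    }
    n=$(printf '%s\n' "$ids" | count_ids)
    printf '%s %s\n' "$region" "$n"
    total=$((total + n))
  done
  printf 'TOTAL %s\n' "$total"
}

# Succeeds while the total is at or below the threshold.
within_threshold() {
  [ "$1" -le "$THRESHOLD" ]
}

# Run as: sh ec2-count.sh --all-regions   (needs configured AWS CLI credentials)
if [ "${1:-}" = "--all-regions" ]; then
  # describe-regions lists the regions enabled for the account.
  regions=$(aws ec2 describe-regions --output text --query 'Regions[].RegionName')
  report=$(audit_regions $regions) || exit 2
  printf '%s\n' "$report"
  total=${report##*TOTAL }
  if within_threshold "$total"; then
    echo "OK: $total instances, threshold $THRESHOLD"
  else
    echo "EXCEEDED: $total instances, threshold $THRESHOLD"
    exit 1
  fi
fi
```

The script exits with status 1 when the total is above the threshold and 2 when a region could not be queried, so a scheduled job can alert on either case.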

Remediation / Resolution

To request Amazon Web Services (AWS) to limit the number of EC2 instances that you can launch within your AWS cloud account, perform the following operations:

Note: Creating a support case to request a limit for the number of Amazon EC2 instances using the AWS Command Line Interface (AWS CLI) is not currently supported.

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to the AWS Support Center console available at https://console.aws.amazon.com/support/.

03 In the left navigation panel, under Support Center, choose Your support cases.

04 Choose Create case and perform the following actions to create a support case for instance number restriction:

  1. For How can we help?, provide the following information:
    1. Choose Account and billing for the support case type.
    2. For Service, select Account.
    3. For Category, choose Other Account Issues.
    4. For Severity, select General question.
    5. Choose Next step: Additional information.
  2. For Additional information, provide the following information:
    1. Choose your preferred contact language from the Preferred contact language dropdown list.
    2. For Subject, provide the support request subject, such as Set a limit on EC2 instance creation in my AWS cloud account.
    3. For Description, provide a concise description stating the reason for the EC2 instance limit request and the maximum number of EC2 instances that can be launched in your AWS account. This will help the AWS support team to evaluate your request.
    4. Choose Next step: Solve now or contact us.
  3. For Solve now or contact us, select the Contact us tab, and choose a preferred contact method that the AWS support team can use to respond to your request.
  4. Choose Submit to send your request to Amazon Web Services (AWS). A customer support representative should contact you shortly.

Publication date Jun 23, 2016