Question 1

Is associate_public_ip_address enforced for NYDFS Cybersecurity Regulation?

Accepted Answer

Yes, Manage access to the AWS Cloud by ensuring AWS Elastic Compute Cloud (AWS EC2) instances cannot be publicly accessed.

Question 2

Is ebs_optimized enforced for NYDFS Cybersecurity Regulation?

Accepted Answer

Yes, An optimized instance in AWS Elastic Block Store (AWS EBS) provides additional, dedicated capacity for AWS EBS I/O operations.

Question 3

Is ebs_volumes enforced for NYDFS Cybersecurity Regulation?

Accepted Answer

Yes, Because sensitive data can exist and to help protect data at rest, ensure encryption is enabled for your AWS Elastic Block Store (AWS EBS) volumes.

Question 4

Is metadata_options enforced for NYDFS Cybersecurity Regulation?

Accepted Answer

Yes, Ensure the Instance Metadata Service Version 2 (IMDSv2) method is enabled to help protect access and control of AWS Elastic Compute Cloud (AWS EC2) instance metadata.

Question 5

Is monitoring enforced for NYDFS Cybersecurity Regulation?

Accepted Answer

Yes, Enable this rule to help improve AWS Elastic Compute Cloud (AWS EC2) instance monitoring on the AWS EC2 console, which displays monitoring graphs with a 1-minute period for the instance.

Question 6

Is security_group_ingress_rules enforced for NYDFS Cybersecurity Regulation?

Accepted Answer

Yes, This control checks whether the VPC security groups that are in use allow unrestricted incoming traffic. Optionally the rule checks whether the port numbers are listed in the authorizedTcpPorts parameter. The default values for authorizedTcpPorts are 80 and 443.

Question 7

Is subnet_id enforced for NYDFS Cybersecurity Regulation?

Accepted Answer

Yes, Deploy AWS Elastic Compute Cloud (AWS EC2) instances within an AWS Virtual Private Cloud (AWS VPC) to enable secure communication between an instance and other services within the amazon VPC, without requiring an internet gateway, NAT device, or VPN connection.

AWS EC2 Instance Terraform module

Terraform Module Source