Cool Halo Trick #7: Identifying servers launched through AWS

Problem: You have multiple servers on different providers and want to detect if a specific server is running in the Amazon Web Services (AWS) environment.

Halo can identify if a server is currently residing in AWS.

Step 1.
Create a Configuration Check that will tell you if the image is currently residing in AWS. Using the “Configuration File Setting” check we can look into the /etc/resolv.conf and check if the AWS EC2 setting is “ec2.internal”. This should indicate that the image is residing in AWS because it’s using a EC2 domain search for DNS.

Step 2.
Add the Configuration Check to your policy and anytime a configuration scan is run it should show a “fail” if the image is *not* on AWS and a “passed” if it is on AWS. You can also check the “alert” check box, so you will receive a alert if the configuration check fails.

Your scan report will now show a pass for your new “AWS detect servers” rule.

Stay up to date

Get the latest news and tips on protecting critical business assets.

Related Posts