1. EC2 Launch Template Policy.

• Rule: ec2-launch-template-imdsv2-check

• Assignment:

  Launch an EC2 instance without using IMDSv2

Watch Config flag it as non-compliant, fix it by enabling v2 in creation.

Learning Outcome: Configuration Security Enforcement

• Solution:

2. EBS Volume Encryption

Rule: encrypted-volumes

Assignment: Create an EC2 instance with an unencrypted EBS volume. See how Config marks it non-compliant. Then, fix it by using encryption at creation or modifying via snapshot.

Learning Outcome: Data-at-rest encryption & EBS management.

• Solution:

3. S3 Bucket Public Access Block

Rule: ec2-no-amazon-key-pair

Assignment:

Create an EC2 instance without a key pair; see how Config marks it as non-compliant. Fix it by enabling a key pair at creation.

Learning Outcome: Access control and prevention of public exposure.

• Solution

4. EC2 Instance Type Restriction

Rule Name: instance-type-restriction

Purpose: Ensures only specific EC2 instance types are used (e.g., t2.micro). Helps with cost control and resource standardization.

• Solution