diff --git a/src/bpsets/ec2/EC2Imdsv2Check.ts b/src/bpsets/ec2/EC2Imdsv2Check.ts index 962288c..65dded6 100644 --- a/src/bpsets/ec2/EC2Imdsv2Check.ts +++ b/src/bpsets/ec2/EC2Imdsv2Check.ts @@ -73,6 +73,9 @@ export class EC2Imdsv2Check implements BPSet { for (const reservation of response.Reservations || []) { for (const instance of reservation.Instances || []) { + if (instance.State?.Name === 'terminated') + continue + if (instance.MetadataOptions?.HttpTokens === 'required') { compliantResources.push(instance.InstanceId!); } else { diff --git a/src/bpsets/ec2/EC2InstanceDetailedMonitoringEnabled.ts b/src/bpsets/ec2/EC2InstanceDetailedMonitoringEnabled.ts index c81bb45..6a9dbcf 100644 --- a/src/bpsets/ec2/EC2InstanceDetailedMonitoringEnabled.ts +++ b/src/bpsets/ec2/EC2InstanceDetailedMonitoringEnabled.ts @@ -74,6 +74,9 @@ export class EC2InstanceDetailedMonitoringEnabled implements BPSet { for (const reservation of response.Reservations || []) { for (const instance of reservation.Instances || []) { + if (instance.State?.Name === 'terminated') + continue + if (instance.Monitoring?.State === 'enabled') { compliantResources.push(instance.InstanceId!); } else { diff --git a/src/bpsets/ec2/EC2InstanceManagedBySystemsManager.ts b/src/bpsets/ec2/EC2InstanceManagedBySystemsManager.ts index eb929fa..db9992f 100644 --- a/src/bpsets/ec2/EC2InstanceManagedBySystemsManager.ts +++ b/src/bpsets/ec2/EC2InstanceManagedBySystemsManager.ts @@ -84,6 +84,9 @@ export class EC2InstanceManagedBySystemsManager implements BPSet { for (const reservation of response.Reservations || []) { for (const instance of reservation.Instances || []) { + if (instance.State?.Name === 'terminated') + continue + if (managedInstanceIds?.includes(instance.InstanceId!)) { compliantResources.push(instance.InstanceId!); } else { diff --git a/src/bpsets/ec2/EC2InstanceProfileAttached.ts b/src/bpsets/ec2/EC2InstanceProfileAttached.ts index 793ffa5..5d493b5 100644 --- a/src/bpsets/ec2/EC2InstanceProfileAttached.ts +++ b/src/bpsets/ec2/EC2InstanceProfileAttached.ts @@ -81,6 +81,9 @@ export class EC2InstanceProfileAttached implements BPSet { for (const reservation of response.Reservations || []) { for (const instance of reservation.Instances || []) { + if (instance.State?.Name === 'terminated') + continue + if (instance.IamInstanceProfile) { compliantResources.push(instance.InstanceId!); } else { diff --git a/src/bpsets/ec2/EC2NoAmazonKeyPair.ts b/src/bpsets/ec2/EC2NoAmazonKeyPair.ts index f2b5d36..a749b2e 100644 --- a/src/bpsets/ec2/EC2NoAmazonKeyPair.ts +++ b/src/bpsets/ec2/EC2NoAmazonKeyPair.ts @@ -68,6 +68,9 @@ export class EC2NoAmazonKeyPair implements BPSet { for (const reservation of response.Reservations || []) { for (const instance of reservation.Instances || []) { + if (instance.State?.Name === 'terminated') + continue + if (instance.KeyName) { nonCompliantResources.push(instance.InstanceId!); } else { diff --git a/src/bpsets/ec2/EC2TokenHopLimitCheck.ts b/src/bpsets/ec2/EC2TokenHopLimitCheck.ts index d9db6fe..cd6d754 100644 --- a/src/bpsets/ec2/EC2TokenHopLimitCheck.ts +++ b/src/bpsets/ec2/EC2TokenHopLimitCheck.ts @@ -75,6 +75,9 @@ export class EC2TokenHopLimitCheck implements BPSet { for (const reservation of response.Reservations || []) { for (const instance of reservation.Instances || []) { + if (instance.State?.Name === 'terminated') + continue + if ( instance.MetadataOptions?.HttpPutResponseHopLimit && instance.MetadataOptions.HttpPutResponseHopLimit < 2