{
    "Behavior": "PROACTIVE",
    "ComplianceFrameworkMappings": [
        {
            "ComplianceFramework": "NIST 800-53 Rev 5",
            "Ids": [
                "CA-9(1)",
                "CM-2"
            ]
        },
        {
            "ComplianceFramework": "PCI DSS version 3.2.1",
            "Ids": [
                "2.2"
            ]
        }
    ],
    "ControlOwner": "AWS Control Tower",
    "DeploymentMechanism": "AWS CloudFormation Hook",
    "DeploymentOwner": "AWS Control Tower",
    "Description": "This control checks whether an EC2 dedicated host is configured to run using an AWS Nitro instance type or family.",
    "DisplayName": "Require an Amazon EC2 dedicated host to use an AWS Nitro instance type",
    "DocumentationReferences": [
        {
            "DisplayName": "Instances built on the Nitro System",
            "Type": "AWS Documentation",
            "Url": "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances"
        },
        {
            "DisplayName": "Instance capacity configurations",
            "Type": "AWS Documentation",
            "Url": "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html#dedicated-hosts-limits"
        }
    ],
    "EvaluatedResourceTypes": [
        "AWS::EC2::Host"
    ],
    "EvaluatedServices": [
        "Amazon EC2"
    ],
    "Groups": [
        "digital-sovereignty"
    ],
    "Guidance": "Elective",
    "Id": "CT.EC2.PR.17",
    "ImplementationType": "CloudFormation guard rule",
    "MinimumSupportedRuntimeVersion": "2.1",
    "Objectives": [
        {
            "Id": "CO.4",
            "Name": "Protect data integrity"
        },
        {
            "Id": "CO.5",
            "Name": "Enforce least privilege"
        }
    ],
    "RegionalPreference": "REGIONAL",
    "Relationships": [],
    "ReleaseDate": "2023-11-27",
    "RemediationMessage": "Set the value of the InstanceType property to an EC2 instance type that is based on the AWS Nitro system, and that supports dedicated hosts, or set the value of the InstanceFamily property to an EC2 instance family that is based on the AWS Nitro system, and that supports dedicated hosts and multiple instance types.",
    "Severity": "MEDIUM",
    "SupportedRegions": [
        "af-south-1",
        "ap-east-1",
        "ap-northeast-1",
        "ap-northeast-2",
        "ap-northeast-3",
        "ap-south-1",
        "ap-south-2",
        "ap-southeast-1",
        "ap-southeast-2",
        "ap-southeast-3",
        "ap-southeast-4",
        "ca-central-1",
        "eu-central-1",
        "eu-central-2",
        "eu-north-1",
        "eu-south-1",
        "eu-south-2",
        "eu-west-1",
        "eu-west-2",
        "eu-west-3",
        "il-central-1",
        "me-central-1",
        "me-south-1",
        "sa-east-1",
        "us-east-1",
        "us-east-2",
        "us-west-1",
        "us-west-2"
    ],
    "TargetOuType": "CUSTOM",
    "Version": "1",
    "Visibility": "PUBLIC"
}