Control: 2.6 Ensure detailed monitoring is enable for production EC2 Instances
Description
Ensure that detailed monitoring is enabled for your Amazon EC2 instances.
Monitoring is an important part of maintaining the reliability, availability, and performance of your Amazon EC2 instances.
Remediation
From Console:
- Login to EC2 using https://console.aws.amazon.com/ec2/.
- On the left Click
INSTANCES, clickInstances. - Select the
EC2 instanceyou want to review. - Select the
Monitoringtab. - Click on 'Enable Detailed Monitoring`.
- Click on
Yes, Enable. - Repeat steps no. 3 – 6 for any other instances that require detailed monitoring to be enabled.
From the CLI:
- Run the monitor-instances command using the list of instances collected in the audit.
aws ec2 monitor-instances --instance-ids <i-instancename>
- The output will show 'state: pending'.
- Wait a few minutes and run the same command again for that instance and it will show enabled.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.cis_compute_service_v100_2_6Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.cis_compute_service_v100_2_6 --shareSQL
This control uses a named query:
ec2_instance_detailed_monitoring_enabled