Azure and GCP Perimeter Security, CIS Updates, and Enhanced Plugins →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-aws-compliance
Overview
36Dashboards
1598Benchmarks
674Queries
9Variables
GitHub

Control: 2.6 Ensure detailed monitoring is enable for production EC2 Instances

Description

Ensure that detailed monitoring is enabled for your Amazon EC2 instances.

Monitoring is an important part of maintaining the reliability, availability, and performance of your Amazon EC2 instances.

Remediation

From Console:

  1. Login to EC2 using https://console.aws.amazon.com/ec2/.
  2. On the left Click INSTANCES, click Instances.
  3. Select the EC2 instance you want to review.
  4. Select the Monitoring tab.
  5. Click on 'Enable Detailed Monitoring`.
  6. Click on Yes, Enable.
  7. Repeat steps no. 3 – 6 for any other instances that require detailed monitoring to be enabled.

From the CLI:

  1. Run the monitor-instances command using the list of instances collected in the audit.
aws ec2 monitor-instances --instance-ids <i-instancename>
  1. The output will show 'state: pending'.
  2. Wait a few minutes and run the same command again for that instance and it will show enabled.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.cis_compute_service_v100_2_6

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.cis_compute_service_v100_2_6 --share

SQL

This control uses a named query:

select
  arn as resource,
  case
    when monitoring_state = 'enabled' then 'ok'
    else 'alarm'
  end as status,
  case
    when monitoring_state = 'enabled' then instance_id || ' detailed monitoring enabled.'
    else instance_id || ' detailed monitoring disabled.'
  end as reason
  
  , region, account_id
from
  aws_ec2_instance;

Tags

category = Compliance
cis = true
cis_item_id = 2.6
cis_level = 2
cis_section_id = 2
cis_type = manual
cis_version = v1.0.0
plugin = aws
service = AWS/EC2