Rule: EC2 Instance Detailed Monitoring Should Be Enabled

This rule emphasizes enabling detailed monitoring for EC2 instances to ensure optimal performance and security.

Rule: EC2 instance detailed monitoring should be enabled
Framework: FedRAMP Moderate Revision 4
Severity: Medium

Rule/Policy Description:

According to the FedRAMP (Federal Risk and Authorization Management Program) Moderate Revision 4 guidelines, EC2 instances must have detailed monitoring enabled. This requirement is aimed at enhancing the security and compliance posture of the AWS infrastructure.

Troubleshooting Steps (if required):

If you encounter any issues while enabling detailed monitoring on an EC2 instance, follow these troubleshooting steps:

  1. Ensure that you have the necessary permissions to modify EC2 instance settings. Check if you have the required IAM (Identity and Access Management) policies attached to your user or role.
  2. Verify that the EC2 instance is in the "running" state. You can check the instance state using the AWS Management Console or CLI.
  3. Check if the EC2 instance is already enabled for detailed monitoring. If it is, try disabling and re-enabling it to reset any potential configuration issues.
  4. Verify that the EC2 instance's IAM role has appropriate permissions to publish CloudWatch metrics and logs.
  5. If the troubleshooting steps above do not resolve the issue, contact AWS Support for further assistance.

Necessary Codes (if any):

There are no specific codes required for enabling detailed monitoring on EC2 instances, as it can be done through the AWS Management Console or AWS CLI.

Step-by-Step Guide for Remediation:

To enable detailed monitoring on an EC2 instance for FedRAMP Moderate Revision 4 compliance, follow these steps:

  1. AWS Management Console:

    1. Open the AWS Management Console and navigate to the EC2 service.
    2. Select the desired EC2 instance from the list.
    3. In the "Monitoring" tab of the instance details page, click on "Configure detailed monitoring".
    4. Select the checkbox to enable detailed monitoring.
    5. Click on "Save" to apply the changes.

  2. AWS CLI:

    1. Open your preferred terminal or command prompt.

    2. Use the following AWS CLI command to enable detailed monitoring on an EC2 instance:

      aws ec2 monitor-instances --instance-ids <instance-id>

      Replace <instance-id> with the actual ID of the EC2 instance you wish to enable detailed monitoring for.

    3. The command will return a response confirming the update to the instance's monitoring settings.

By following the above steps, you have successfully enabled detailed monitoring on the specified EC2 instance as per the FedRAMP Moderate Revision 4 requirements.
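
For more than a handful of instances, the CLI step above can be driven from an inventory of monitoring states. The following is an added example, not part of the original rule page: it takes tab-separated rows of instance ID, instance state and monitoring state and prints one monitor-instances command for the running instances that still need it. The sample rows and instance IDs are constructed, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). Input rows are tab-separated:
#   InstanceId  InstanceState  MonitoringState
# as produced by:
#   aws ec2 describe-instances --output text \
#     --query 'Reservations[].Instances[].[InstanceId,State.Name,Monitoring.State]'

# Constructed sample rows (instance IDs are made up).
sample_rows() {
  printf 'i-0aaaaaaaaaaaaaaa1\trunning\tdisabled\n'
  printf 'i-0aaaaaaaaaaaaaaa2\trunning\tenabled\n'
  printf 'i-0aaaaaaaaaaaaaaa3\tstopped\tdisabled\n'
  printf 'i-0aaaaaaaaaaaaaaa4\trunning\tdisabling\n'
  printf 'i-0aaaaaaaaaaaaaaa5\trunning\tpending\n'
}

# IDs of running instances that still need detailed monitoring.
# "pending" means enablement is already in progress, so it is left alone.
needs_detailed_monitoring() {
  awk -F'\t' '$2 == "running" && $3 != "enabled" && $3 != "pending" { print $1 }'
}

# IDs that fail the rule but are not running, so they need a manual look
# (troubleshooting step 2 on this page checks for the "running" state).
not_running_without_monitoring() {
  awk -F'\t' '$2 != "running" && $2 != "terminated" && $3 != "enabled" { print $1 }'
}

# Build the single remediation command for all rows read from stdin.
# Prints nothing when there is nothing to fix.
remediation_command() {
  local ids
  ids=$(needs_detailed_monitoring | tr '\n' ' ')
  ids=${ids% }
  [ -n "$ids" ] && printf 'aws ec2 monitor-instances --instance-ids %s\n' "$ids"
  return 0
}

# Dry run on the constructed sample. For live use, pipe the describe-instances
# output shown above into remediation_command and review the printed command
# before running it.
sample_rows | remediation_command
```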
