This rule ensures detailed monitoring is enabled for EC2 instances.
Rule | EC2 instance detailed monitoring should be enabled |
Framework | NIST 800-53 Revision 4 |
Severity | ✔ Medium |
Rule Description
Enabling detailed monitoring for EC2 instances is an important security measure to meet the requirements of NIST 800-53 Revision 4. Detailed monitoring provides a higher level of visibility into the performance metrics of your EC2 instances, allowing you to closely monitor their health and performance. This rule ensures that detailed monitoring is enabled for all EC2 instances, helping you meet the compliance requirements of NIST 800-53.
Troubleshooting Steps
If detailed monitoring is not enabled for an EC2 instance, follow these troubleshooting steps to resolve the issue:
Confirmation: Verify if detailed monitoring is actually disabled for the EC2 instance in question. You can check this by viewing the instance details in the AWS Management Console or by using the AWS Command Line Interface (CLI).
Permission Issues: Ensure that you have the necessary permissions to modify the monitoring settings for the EC2 instance. Check if you have the required IAM (Identity and Access Management) permissions to enable detailed monitoring.
Monitoring Configuration: Review the configuration of your EC2 instances to ensure that detailed monitoring is not explicitly disabled in the instance launch parameters or any auto-scaling configuration.
Instance Type Compatibility: Detailed monitoring is supported for most instance types, but a few instance families do not support it. Check whether the instance type you are using supports detailed monitoring. If not, consider migrating to a compatible instance type.
AWS CLI: If the above steps did not resolve the issue, you can try enabling detailed monitoring using the AWS CLI. Ensure that you have the AWS CLI installed and configured properly.
Necessary Codes
No specific code is required to enable detailed monitoring for EC2 instances; it can be done through the AWS Management Console or the AWS CLI.
Step-by-Step Guide for Remediation
To enable detailed monitoring for EC2 instances, follow these step-by-step instructions:
Using AWS Management Console:
Using AWS CLI:
Replace instance-id with the actual ID of the instance:
aws ec2 monitor-instances --instance-ids instance-id
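As an added example (not part of the original page), the Python below combines the Confirmation step and the CLI remediation: it reads JSON shaped like the output of `aws ec2 describe-instances`, lists live instances whose `Monitoring.State` is not enabled, and builds the matching `aws ec2 monitor-instances` commands. The sample data, instance IDs, function names and the batch size of 50 are assumptions made for illustration.

```python
import json

# Values reported in Monitoring.State by `aws ec2 describe-instances`.
COMPLIANT_STATES = {"enabled", "pending"}   # pending = detailed monitoring is being turned on
SKIP_INSTANCE_STATES = {"shutting-down", "terminated"}  # nothing left to remediate

# Constructed sample shaped like `aws ec2 describe-instances --output json`; IDs are made up.
SAMPLE = json.loads("""
{"Reservations": [
  {"Instances": [
    {"InstanceId": "i-0aaa111122223333a", "State": {"Name": "running"},
     "Monitoring": {"State": "enabled"}},
    {"InstanceId": "i-0bbb111122223333b", "State": {"Name": "running"},
     "Monitoring": {"State": "disabled"}}]},
  {"Instances": [
    {"InstanceId": "i-0ccc111122223333c", "State": {"Name": "stopped"},
     "Monitoring": {"State": "disabling"}},
    {"InstanceId": "i-0ddd111122223333d", "State": {"Name": "terminated"},
     "Monitoring": {"State": "disabled"}},
    {"InstanceId": "i-0eee111122223333e", "State": {"Name": "running"},
     "Monitoring": {"State": "pending"}}]}
]}
""")


def non_compliant_instances(describe_output):
    """Return IDs of live instances whose detailed monitoring is not on."""
    findings = []
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") in SKIP_INSTANCE_STATES:
                continue
            # A missing Monitoring block is treated as non-compliant (fail closed).
            state = inst.get("Monitoring", {}).get("State", "disabled")
            if state not in COMPLIANT_STATES:
                findings.append(inst["InstanceId"])
    return findings


def remediation_commands(instance_ids, batch_size=50):
    """Build `aws ec2 monitor-instances` commands, batching IDs per call."""
    return [
        "aws ec2 monitor-instances --instance-ids " + " ".join(instance_ids[i:i + batch_size])
        for i in range(0, len(instance_ids), batch_size)
    ]


if __name__ == "__main__":
    for cmd in remediation_commands(non_compliant_instances(SAMPLE)):
        print(cmd)
```

To run it against a real account, replace `SAMPLE` with the parsed JSON saved from `aws ec2 describe-instances --output json`.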
Following these steps will ensure that detailed monitoring is enabled for the EC2 instances, helping you meet the NIST 800-53 Revision 4 compliance requirements.