This rule ensures that detailed monitoring is enabled for EC2 instances.
Rule: EC2 instance detailed monitoring should be enabled
Framework: NIST 800-53 Revision 4
Severity: Medium
EC2 Instance Detailed Monitoring for NIST 800-53 Revision 4
Rule Description:
EC2 instance detailed monitoring enables enhanced monitoring for Amazon Elastic Compute Cloud (EC2) instances. This is important for compliance with the security controls defined in the National Institute of Standards and Technology (NIST) 800-53 Revision 4.
Troubleshooting Steps:
If you encounter any issues while enabling detailed monitoring or if the monitoring data is not being recorded properly, follow these troubleshooting steps:
Check if the EC2 instance is running: Ensure that the EC2 instance associated with the monitored resource is in a running state. If the instance is terminated or stopped, detailed monitoring cannot be enabled.
Verify IAM permissions: Make sure that you have the necessary IAM permissions to enable detailed monitoring. The IAM user or role should have the cloudwatch:EnableDetailedMonitoring action allowed.
Check if CloudWatch agent is installed: Ensure that the CloudWatch agent is properly installed on the EC2 instance. Detailed monitoring relies on the CloudWatch agent to collect and send the monitoring data.
Restart CloudWatch agent: If the CloudWatch agent is installed but not functioning as expected, try restarting the agent on the instance. This can be done using the following command:
sudo service amazon-cloudwatch-agent restart
After restarting, monitor the logs to ensure a successful restart.
Validate CloudWatch agent configuration: Review the CloudWatch agent configuration file (/opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json) to ensure it is correctly set up. Check if the metrics you want to monitor are specified in the configuration.
Monitor CloudWatch agent logs: Check the CloudWatch agent logs (/var/log/amazon-cloudwatch-agent.log) for any errors or warnings that could indicate issues with detailed monitoring. If you spot any errors in the logs, address them accordingly.
Confirm IAM permissions for sending data: Ensure that the IAM role or user associated with the EC2 instance has the necessary permissions to send monitoring data to CloudWatch. The IAM entity should have the cloudwatch:PutMetricData action allowed.
Necessary Code:
In order to enable EC2 instance detailed monitoring, you can use the AWS Command Line Interface (CLI) or AWS SDKs to execute the following code:
aws cloudwatch put-metric-alarm --alarm-name <alarm_name> --alarm-description "Detailed monitoring for NIST 800-53 compliance" --metric-name DetailedMonitoring --namespace AWS/EC2 --statistic SampleCount --period 60 --threshold 1 --comparison-operator GreaterThanOrEqualToThreshold --dimensions Name=InstanceId,Value=<instance_id> --evaluation-periods 1 --alarm-actions <action_arn> --unit Count --profile <aws_profile_name>
Replace the following placeholders:
<alarm_name>: The desired name for the alarm.
<instance_id>: The ID of the EC2 instance to enable detailed monitoring for.
<action_arn>: The Amazon Resource Name (ARN) of the action to perform when the alarm state changes.
<aws_profile_name>: (Optional) The name of the AWS profile to use for authentication.
Step-by-Step Guide for Remediation:
Open the AWS Management Console and go to the EC2 Dashboard.
Select the EC2 instance that needs detailed monitoring enabled.
Click on "Actions" and choose "Monitoring" from the dropdown menu.
In the "Monitoring" section, click on the "Enable Detailed Monitoring" button.
Confirm the action by clicking the "Enable" button in the confirmation dialog.
Once enabled, the EC2 instance will start collecting more granular monitoring data.
To verify that detailed monitoring is enabled, go to the CloudWatch service in the AWS Management Console.
In the CloudWatch dashboard, navigate to the "Alarms" section and check if an alarm named "DetailedMonitoring" exists for the specific EC2 instance.
If the alarm doesn't exist, try enabling detailed monitoring again or refer to the troubleshooting steps above to resolve any issues.
Once you have confirmed that detailed monitoring is enabled and functioning correctly, regularly review the monitoring data to ensure compliance with NIST 800-53 Revision 4.
Note: Enabling detailed monitoring may incur additional costs, as it generates and stores more metrics data. Remember to consider the impact on your AWS billing.
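As an added example that is not part of the original rule text, the following Python script audits the JSON returned by `aws ec2 describe-instances`, lists every non-terminated instance whose Monitoring.State is not "enabled", and builds the `aws ec2 monitor-instances` call that turns detailed monitoring on (the EC2 MonitorInstances API, which requires the ec2:MonitorInstances IAM action). The describe-instances sample below is constructed; the function and variable names are this example's own.

```python
import json
from typing import Dict, List

# Constructed sample in the shape returned by `aws ec2 describe-instances`.
SAMPLE_DESCRIBE_INSTANCES = json.dumps({
    "Reservations": [
        {"Instances": [
            {"InstanceId": "i-0aaa111", "State": {"Name": "running"},
             "Monitoring": {"State": "enabled"}},
            {"InstanceId": "i-0bbb222", "State": {"Name": "running"},
             "Monitoring": {"State": "disabled"}},
            {"InstanceId": "i-0ccc333", "State": {"Name": "stopped"},
             "Monitoring": {"State": "disabled"}},
            {"InstanceId": "i-0ddd444", "State": {"Name": "terminated"},
             "Monitoring": {"State": "disabled"}},
        ]}
    ]
})


def monitoring_state_by_instance(describe_json: str) -> Dict[str, str]:
    """Map InstanceId -> Monitoring.State ('enabled', 'disabled', 'pending', ...).
    Terminated instances are skipped: they cannot be remediated."""
    data = json.loads(describe_json)
    states: Dict[str, str] = {}
    for reservation in data.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") == "terminated":
                continue
            states[inst["InstanceId"]] = inst.get("Monitoring", {}).get("State", "disabled")
    return states


def noncompliant_instances(describe_json: str) -> List[str]:
    """Instance IDs that fail the rule: detailed monitoring is not 'enabled'."""
    return sorted(i for i, s in monitoring_state_by_instance(describe_json).items()
                  if s != "enabled")


def remediation_command(instance_ids: List[str], profile: str = "") -> str:
    """Build the AWS CLI call that enables detailed monitoring (EC2 MonitorInstances).
    Returns an empty string when there is nothing to remediate."""
    if not instance_ids:
        return ""
    cmd = "aws ec2 monitor-instances --instance-ids " + " ".join(instance_ids)
    return cmd + (f" --profile {profile}" if profile else "")


if __name__ == "__main__":
    bad = noncompliant_instances(SAMPLE_DESCRIBE_INSTANCES)
    print("Non-compliant instances:", bad)
    print(remediation_command(bad, profile="audit"))
```

Pipe real output in with `aws ec2 describe-instances --output json` and feed it to `noncompliant_instances` to get the list to remediate.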