Rule: EC2 Instance Detailed Monitoring Should Be Enabled
Check if detailed monitoring is enabled for EC2 instances to ensure effective monitoring and management.
| Rule | EC2 instance detailed monitoring should be enabled |
| Framework | NIST Cybersecurity Framework (CSF) v1.1 |
| Severity | ✔ Medium |
Rule Description
The NIST Cybersecurity Framework (CSF) is a set of guidelines that provides organizations with a framework for managing and mitigating cybersecurity risks. One of the recommendations in the CSF is to enable detailed monitoring for EC2 instances.
Enabling detailed monitoring on EC2 instances allows for collecting additional system-level metrics at a higher frequency, which can provide greater visibility into the performance and health of the instances. This enhanced monitoring helps organizations identify potential security issues, proactively troubleshoot infrastructure problems, and optimize resource utilization.
Troubleshooting Steps
If there are any issues related to enabling detailed monitoring for EC2 instances, you can follow these troubleshooting steps:
- 1.Check EC2 instance state: Ensure that the EC2 instance is in a running state. Detailed monitoring can only be enabled on running instances.
- 2.Verify instance permissions: Make sure that the IAM role or user's permissions include the necessary actions to enable detailed monitoring. The user or role should have the
andcloudwatch:PutMetricAlarm
permissions.cloudwatch:PutMetricData - 3.Check CloudWatch alarms: If there are existing CloudWatch alarms associated with the EC2 instance, ensure that they are not preventing detailed monitoring from being enabled. Some alarms may interfere with or override detailed monitoring settings.
- 4.Review CloudTrail logs: Consult the CloudTrail logs to identify any possible errors or issues related to enabling detailed monitoring. Look for any error messages or access-related issues that can help troubleshoot the problem.
- 5.Contact AWS Support: If the issue persists or if you encounter any technical difficulties, contact AWS Support for further assistance. Provide them with the specific details of the problem and any relevant error messages or logs for faster resolution.
Necessary Codes
No specific codes are required to enable detailed monitoring for EC2 instances. Instead, this can be done through the AWS Management Console or using the AWS Command Line Interface (CLI).
Step-by-Step Guide for Remediation
To enable detailed monitoring for an EC2 instance, follow these steps:
- 1.
Using AWS Management Console:
- Open the EC2 dashboard in the AWS Management Console.
- Select the desired EC2 instance from the instance list.
- Click on the "Actions" dropdown menu.
- Choose "Monitor and troubleshoot" and then "Enable detailed monitoring."
- Confirm the action by clicking "Enable" in the confirmation dialog.
- 2.
Using AWS CLI:
- Open a terminal or command prompt.
- Run the following AWS CLI command, replacing
with the actual ID of the EC2 instance you want to enable detailed monitoring for:instance-id
aws cloudwatch put-metric-alarm --alarm-name my-ec2-instance-detailed-monitoring-alarm --alarm-actions action-name --metric-name CPUUtilization --namespace AWS/EC2 --statistic Average --period 60 --threshold 70 --comparison-operator GreaterThanThreshold --evaluation-periods 5 --alarm-description "Alarm when CPU exceeds 70 percent" --unit Percent --dimensions Name=InstanceId,Value=<instance-id>- This command creates a CloudWatch alarm that automatically enables detailed monitoring for the specified EC2 instance when certain conditions (e.g., CPU utilization exceeding 70%) are met.
Enabling detailed monitoring for EC2 instances based on the NIST Cybersecurity Framework can help organizations maintain a higher level of visibility and ensure better security for their infrastructure.