Ensure that detailed monitoring is enabled for your Amazon EC2 instances in order to have enough monitoring data to help you make better decisions on architecting and managing compute resources within your AWS cloud account. By default, whenever an EC2 instance is launched, AWS CloudWatch enables basic monitoring for that instance. The basic monitoring level collects monitoring data in 5-minute periods. To increase this level and make the monitoring data available at 1-minute periods or less, you must specifically enable detailed monitoring for your instance(s). With detailed monitoring, you can also get aggregated data across groups of similar instances.
This rule can help you with the following compliance standards:
- NIST4
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
With detailed monitoring enabled, you can manage your Amazon EC2 resources better. For example, you could upgrade or downgrade the instance type faster based on its workload, see trends that you might not be able to see with the basic monitoring tools, and create AWS CloudWatch alarms for time periods of 1 minute so that you are notified earlier of any EC2 instance issues.
Note: It's recommended to enable detailed monitoring only for the EC2 instances that you need to monitor closely (e.g. critical and production instances); the exceptions can therefore be suppressed on the Trend Micro Cloud One™ – Conformity console.
Audit
To determine if detailed monitoring is enabled for your Amazon EC2 instances, perform the following operations:
Remediation / Resolution
To enable Detailed Monitoring for your existing Amazon EC2 instances, perform the following operations:
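As an added example (not Conformity's own audit or remediation steps), the following Python checks the `Monitoring.State` field in `aws ec2 describe-instances` JSON output and builds the matching `aws ec2 monitor-instances` command for the instances that need it. The sample data, the `Environment=production` scoping tag, the function names and the region are assumptions made for illustration.

```python
import json
import shlex

# Constructed sample shaped like `aws ec2 describe-instances --output json`.
SAMPLE = json.loads("""{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaa1111111111111", "State": {"Name": "running"},
   "Monitoring": {"State": "disabled"}, "Tags": [{"Key": "Environment", "Value": "production"}]},
  {"InstanceId": "i-0bbb2222222222222", "State": {"Name": "running"},
   "Monitoring": {"State": "enabled"}, "Tags": [{"Key": "Environment", "Value": "production"}]},
  {"InstanceId": "i-0ccc3333333333333", "State": {"Name": "running"},
   "Monitoring": {"State": "disabled"}, "Tags": [{"Key": "Environment", "Value": "dev"}]},
  {"InstanceId": "i-0ddd4444444444444", "State": {"Name": "stopped"},
   "Monitoring": {"State": "disabling"}, "Tags": [{"Key": "Environment", "Value": "production"}]},
  {"InstanceId": "i-0eee5555555555555", "State": {"Name": "terminated"},
   "Monitoring": {"State": "disabled"}, "Tags": [{"Key": "Environment", "Value": "production"}]}
]}]}""")

COMPLIANT = {"enabled", "pending"}  # "pending": detailed monitoring is being turned on


def audit(describe_output, tag_key="Environment", tag_value="production"):
    """Return [(instance_id, monitoring_state)] for in-scope instances without detailed monitoring."""
    findings = []
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") in ("terminated", "shutting-down"):
                continue  # instance is gone or going away; nothing to monitor
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            if tags.get(tag_key) != tag_value:
                continue  # out of scope (assumed tag marks closely monitored instances)
            state = inst.get("Monitoring", {}).get("State", "disabled")
            if state not in COMPLIANT:
                findings.append((inst["InstanceId"], state))
    return findings


def remediation_command(findings, region):
    """Build the `aws ec2 monitor-instances` call for the findings, or None if there are none."""
    if not findings:
        return None
    ids = " ".join(shlex.quote(instance_id) for instance_id, _ in findings)
    return f"aws ec2 monitor-instances --region {shlex.quote(region)} --instance-ids {ids}"


if __name__ == "__main__":
    found = audit(SAMPLE)
    print(found)
    print(remediation_command(found, "us-east-1"))
```

Scoping the check to a tag follows the note above about enabling detailed monitoring only on instances that need close monitoring; instances outside that scope are not reported.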
You are auditing:
EC2 Instance Detailed Monitoring
Risk Level: Low