Detailed Monitoring for EC2 Instances Should Be Enabled
More Info:
Detailed monitoring should be enabled on EC2 instances.Risk Level
InformationalAddress
Operational EfficiencyCompliance Standards
NIST, SOC2, HITRUSTTriage and Remediation
Remediation
Using Console
Using Console
To remediate the misconfiguration “Detailed Monitoring for EC2 Instances Should Be Enabled” for AWS using AWS console, please follow the below steps:Step 1: Login to AWS console using your credentials.Step 2: Go to the EC2 dashboard by clicking on the EC2 service from the AWS console home page.Step 3: From the left-hand side panel, select “Instances” to view all the instances in the region.Step 4: Select the instance for which you want to enable detailed monitoring.Step 5: Right-click on the instance and select “Monitor and troubleshoot” from the drop-down list.Step 6: Click on “Enable detailed monitoring” from the list.Step 7: A pop-up will appear asking you to confirm the action, click on “Enable” to enable detailed monitoring.Step 8: Once the detailed monitoring is enabled, you can view the metrics by selecting the instance and clicking on the “Monitoring” tab from the bottom panel.Step 9: You can also enable detailed monitoring for multiple instances at once by selecting them and clicking on the “Actions” button from the top panel and selecting “Monitor with CloudWatch” from the drop-down list.Step 10: Click on “Enable detailed monitoring” and confirm the action.By following these steps, you can remediate the misconfiguration “Detailed Monitoring for EC2 Instances Should Be Enabled” for AWS using AWS console.
Using CLI
Using CLI
To remediate the misconfiguration “Detailed Monitoring for EC2 Instances Should Be Enabled” for AWS using AWS CLI, follow the steps below:This command uses the This command uses the
- Open the AWS CLI on your local machine or EC2 instance.
- Run the following command to enable detailed monitoring for all EC2 instances in the default region:
aws ec2 describe-instances command to list all EC2 instances in the default region, and the aws ec2 monitor-instances command to enable detailed monitoring for each instance.- If you want to enable detailed monitoring for specific instances, you can replace
$(aws ec2 describe-instances --query 'Reservations[].Instances[].InstanceId' --output text)with a comma-separated list of instance IDs.
- Verify that detailed monitoring is enabled for the instances by running the following command:
aws ec2 describe-instances command to list the monitoring state for each instance.If the monitoring state is disabled, wait a few minutes and run the command again to verify that it has been enabled.By following these steps, you can remediate the “Detailed Monitoring for EC2 Instances Should Be Enabled” misconfiguration for AWS using AWS CLI.Using Python
Using Python
To remediate the misconfiguration of detailed monitoring for EC2 instances not being enabled in AWS using python, you can follow the below steps:
- Import the necessary libraries:
- Create a boto3 client for EC2:
- Get a list of all EC2 instances:
- Loop through each instance and check if detailed monitoring is enabled or not:
-
If detailed monitoring is disabled for an instance, enable it using the
monitor_instancesmethod of the EC2 client. -
Once detailed monitoring is enabled, you can verify it by checking the monitoring state of the instance using the
describe_instancesmethod. - You can also create a CloudWatch alarm to monitor the status of detailed monitoring for all EC2 instances and get notified if it is disabled.