More Info:

Detailed monitoring should be enabled on EC2 instances.

Risk Level

Informational

Address

Operational Efficiency

Compliance Standards

NIST, SOC2, HITRUST

Triage and Remediation

Remediation

Using Console

To remediate the misconfiguration “Detailed Monitoring for EC2 Instances Should Be Enabled” for AWS using AWS console, please follow the below steps:Step 1: Login to AWS console using your credentials.Step 2: Go to the EC2 dashboard by clicking on the EC2 service from the AWS console home page.Step 3: From the left-hand side panel, select “Instances” to view all the instances in the region.Step 4: Select the instance for which you want to enable detailed monitoring.Step 5: Right-click on the instance and select “Monitor and troubleshoot” from the drop-down list.Step 6: Click on “Enable detailed monitoring” from the list.Step 7: A pop-up will appear asking you to confirm the action, click on “Enable” to enable detailed monitoring.Step 8: Once the detailed monitoring is enabled, you can view the metrics by selecting the instance and clicking on the “Monitoring” tab from the bottom panel.Step 9: You can also enable detailed monitoring for multiple instances at once by selecting them and clicking on the “Actions” button from the top panel and selecting “Monitor with CloudWatch” from the drop-down list.Step 10: Click on “Enable detailed monitoring” and confirm the action.By following these steps, you can remediate the misconfiguration “Detailed Monitoring for EC2 Instances Should Be Enabled” for AWS using AWS console.

To remediate the misconfiguration “Detailed Monitoring for EC2 Instances Should Be Enabled” for AWS using AWS CLI, follow the steps below:
  1. Open the AWS CLI on your local machine or EC2 instance.
  2. Run the following command to enable detailed monitoring for all EC2 instances in the default region: 
aws ec2 monitor-instances --instance-ids $(aws ec2 describe-instances --query 'Reservations[].Instances[].InstanceId' --output text)
This command uses the aws ec2 describe-instances command to list all EC2 instances in the default region, and the aws ec2 monitor-instances command to enable detailed monitoring for each instance.
  1. If you want to enable detailed monitoring for specific instances, you can replace $(aws ec2 describe-instances --query 'Reservations[].Instances[].InstanceId' --output text) with a comma-separated list of instance IDs.
aws ec2 monitor-instances --instance-ids i-1234567890abcdef0,i-0987654321fedcba0
  1. Verify that detailed monitoring is enabled for the instances by running the following command:
aws ec2 describe-instances --instance-ids $(aws ec2 describe-instances --query 'Reservations[].Instances[].InstanceId' --output text) --query 'Reservations[].Instances[].Monitoring.State'
This command uses the aws ec2 describe-instances command to list the monitoring state for each instance.If the monitoring state is disabled, wait a few minutes and run the command again to verify that it has been enabled.By following these steps, you can remediate the “Detailed Monitoring for EC2 Instances Should Be Enabled” misconfiguration for AWS using AWS CLI.
To remediate the misconfiguration of detailed monitoring for EC2 instances not being enabled in AWS using python, you can follow the below steps:
  1. Import the necessary libraries:
import boto3
  1. Create a boto3 client for EC2:
ec2 = boto3.client('ec2')
  1. Get a list of all EC2 instances:
instances = ec2.describe_instances()
  1. Loop through each instance and check if detailed monitoring is enabled or not:
for reservation in instances['Reservations']:
    for instance in reservation['Instances']:
        instance_id = instance['InstanceId']
        monitoring = instance['Monitoring']['State']
        if monitoring == 'disabled':
            # Enable detailed monitoring for the instance
            ec2.monitor_instances(InstanceIds=[instance_id])
  1. If detailed monitoring is disabled for an instance, enable it using the monitor_instances method of the EC2 client.
  2. Once detailed monitoring is enabled, you can verify it by checking the monitoring state of the instance using the describe_instances method.
  3. You can also create a CloudWatch alarm to monitor the status of detailed monitoring for all EC2 instances and get notified if it is disabled.
By following these steps, you can remediate the misconfiguration of detailed monitoring for EC2 instances not being enabled in AWS using python.

Additional Reading: