
Rule: EC2 Instance Detailed Monitoring Should Be Enabled

This rule specifies that EC2 instance detailed monitoring must be enabled for compliance.

Rule: EC2 instance detailed monitoring should be enabled
Framework: NIST 800-171 Revision 2
Severity: Medium

Rule Description:

EC2 instance detailed monitoring is a feature provided by Amazon Web Services (AWS) that enables enhanced monitoring for EC2 instances. This rule ensures that detailed monitoring is enabled for EC2 instances in compliance with the NIST 800-171 Revision 2 security standard.

Detailed Description:

NIST 800-171 Revision 2 is a publication by the National Institute of Standards and Technology (NIST) that defines security requirements for protecting Controlled Unclassified Information (CUI) in nonfederal information systems and organizations. To comply with this standard, it is essential to enable detailed monitoring for EC2 instances, which provides more granular visibility into system-level metrics and instance-level operating system metrics.

Troubleshooting Steps:

  1. Check if detailed monitoring is already enabled for the EC2 instance.
  2. If not enabled, check if the EC2 instance meets the requirements for detailed monitoring. Instances must be running a supported Amazon Linux, Windows, or Amazon RHEL operating system.
  3. Verify the IAM role used by the instance has the necessary permissions to enable detailed monitoring.
  4. If an IAM role isn't assigned, check the EC2 instance's security group or network access control list (ACL) to ensure there are no restrictions on outbound access to the required AWS services.
  5. If the issue persists, review the instance logs and CloudTrail logs for any relevant error messages.

Necessary Codes:

No specific code is required for this rule. However, the AWS CLI (Command Line Interface) can be used to enable detailed monitoring if necessary.

Step-by-step Guide for Remediation:

  1. Open the AWS Management Console and navigate to the EC2 Dashboard.
  2. Select the EC2 instance for which you want to enable detailed monitoring.
  3. Click on the "Actions" button in the top menu and select "Monitor and troubleshoot."
  4. In the drop-down menu, click on "Enable detailed monitoring."
  5. Review the confirmation message and click on "Yes, Enable."
  6. Wait for a few minutes for the detailed monitoring to be enabled.
  7. Verify the status by selecting the instance, navigating to the "Monitoring" tab, and ensuring that "Detailed monitoring" is listed as "Enabled."

Note: If you prefer to use the AWS CLI to enable detailed monitoring, follow these steps:

  1. Open your preferred terminal or command prompt.
  2. Install and configure the AWS CLI, if not already done.
  3. Run the following command to enable detailed monitoring for an EC2 instance:

     aws ec2 monitor-instances --instance-ids i-0123456789abcdef0 --region us-west-2

     Make sure to replace i-0123456789abcdef0 (a placeholder) with the ID of your EC2 instance and us-west-2 with the appropriate region where your EC2 instance is located.

     This command enables detailed monitoring for the specified EC2 instance; the response shows the monitoring state as "pending" until it changes to "enabled".
  4. Verify the status by selecting the instance, navigating to the "Monitoring" tab, and ensuring that "Detailed monitoring" is listed as "Enabled."

By following these steps, you will successfully enable detailed monitoring for your EC2 instance in compliance with NIST 800-171 Revision 2.
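As an added example (not code from this page or from Cloud Defense), the following Python script performs the check this rule describes over the output of describe-instances and remediates the gaps through MonitorInstances, the API behind `aws ec2 monitor-instances`. It assumes boto3 and configured AWS credentials only for the `--live` path; by default it runs offline on a constructed sample response.

```python
# Added example (not the page's own code); the live path assumes boto3 and AWS credentials.
import sys
from typing import Callable, Dict, List

COMPLIANT_STATES = {"enabled"}  # EC2 Monitoring.State also reports "disabled", "disabling", "pending"

def noncompliant_instances(describe_response: Dict) -> List[str]:
    """IDs of instances whose Monitoring.State is not 'enabled'; terminated ones are skipped."""
    flagged = []
    for reservation in describe_response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") == "terminated":
                continue  # cannot be remediated; would only add noise to the finding
            if inst.get("Monitoring", {}).get("State") not in COMPLIANT_STATES:
                flagged.append(inst["InstanceId"])
    return flagged

def remediate(monitor_instances: Callable, instance_ids: List[str]) -> Dict[str, str]:
    """Call MonitorInstances (the API behind `aws ec2 monitor-instances`) and return
    {instance_id: new_state}; EC2 reports "pending" until the switch completes."""
    if not instance_ids:
        return {}  # nothing to do; MonitorInstances requires at least one instance ID
    resp = monitor_instances(InstanceIds=instance_ids)
    return {m["InstanceId"]: m["Monitoring"]["State"] for m in resp["InstanceMonitorings"]}

def fake_monitor_instances(InstanceIds):  # offline stand-in for boto3's ec2.monitor_instances
    return {"InstanceMonitorings": [{"InstanceId": i, "Monitoring": {"State": "pending"}}
                                    for i in InstanceIds]}

def _inst(iid, state, mon):  # builds one constructed describe-instances entry
    return {"InstanceId": iid, "State": {"Name": state}, "Monitoring": {"State": mon}}
# Constructed sample shaped like `aws ec2 describe-instances` output (not real data).
SAMPLE_DESCRIBE = {"Reservations": [
    {"Instances": [_inst("i-0aaaaaaaaaaaaaaa1", "running", "disabled"),
                   _inst("i-0bbbbbbbbbbbbbbb2", "running", "enabled")]},
    {"Instances": [_inst("i-0ccccccccccccccc3", "terminated", "disabled"),
                   _inst("i-0ddddddddddddddd4", "stopped", "pending")]}]}

if __name__ == "__main__":
    if "--live" in sys.argv:  # real audit across every page of describe-instances
        import boto3
        ec2 = boto3.client("ec2")
        pages = ec2.get_paginator("describe_instances").paginate()
        flagged = [i for p in pages for i in noncompliant_instances(p)]
        monitor = ec2.monitor_instances
    else:
        flagged, monitor = noncompliant_instances(SAMPLE_DESCRIBE), fake_monitor_instances
    print("non-compliant:", flagged)
    print("after remediation:", remediate(monitor, flagged))
```

Run it with `--live` under an identity allowed to call ec2:DescribeInstances and ec2:MonitorInstances to audit and fix a real account; without the flag it only exercises the constructed sample.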
