Description:

Ensure that detailed monitoring is enabled for your Amazon EC2 instances so that you have enough monitoring data to make better decisions when architecting and managing compute resources within your AWS account. By default, whenever an EC2 instance is launched, AWS CloudWatch enables basic monitoring for that instance. The basic monitoring level collects monitoring data in 5-minute periods. To increase this level and make the monitoring data available in 1-minute periods, you must specifically enable it for your instance(s). With detailed monitoring, you can also get aggregated data across groups of similar EC2 instances.


Rationale:

To enable detailed monitoring for an instance, your IAM user must have permission to use the MonitorInstances API action. To turn off detailed monitoring for an instance, your IAM user must have permission to use the UnmonitorInstances API action.


Impact:

Enabling detailed monitoring on an instance does not affect the monitoring of the EBS volumes attached to the instance. After you enable detailed monitoring, the Amazon EC2 console displays monitoring graphs with a 1-minute period for the instance.

 

Default value:

By default, your instance is enabled for basic monitoring. 


Pre-requisites:

  • Before starting the implementation steps, make sure that login permission for the instance is in place.

  • When detailed monitoring is enabled, additional charges apply for the use of AWS CloudWatch services.


Remediation:


Test Plan:

Step 1: Sign into the AWS Management Console.

Step 2: Navigate to the EC2 dashboard at https://console.aws.amazon.com/ec2/.

Step 3: In the left navigation panel, under the INSTANCES section, choose Instances.

Step 4: Select the EC2 instance that you want to examine.

Step 5: Select the Monitoring tab from the dashboard bottom panel.

Step 6: Check the Monitoring attribute value to determine the level of CloudWatch metrics enabled for the instance. If the attribute value is set to basic, the selected AWS EC2 instance does not have the detailed monitoring feature enabled.


Remediation:

Implementation Steps:

Step 1: Sign into the AWS Management Console.

Step 2: Navigate to the EC2 dashboard at https://console.aws.amazon.com/ec2/.

Step 3: In the navigation panel, under the INSTANCES section, choose Instances.

Step 4: Select the EC2 instance that you want to monitor closely (see Audit section part I to identify the right resource).

Step 5: Click the Monitoring button from the menu, select CloudWatch Metrics, then click Enable Detailed Monitoring.

Step 6: Inside the Enable Detailed Monitoring dialog box, review the action details and click Yes, enable to confirm the action.

Step 7: Click Close to return to the EC2 dashboard.

Using AWS CLI:

aws ec2 run-instances --image-id ami-09092360 --monitoring Enabled=true...
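
The run-instances command above sets detailed monitoring only at launch time. For instances that already exist, the following added example (not part of the original page) performs the Test Plan check over the output of `aws ec2 describe-instances --output json` and builds the matching `aws ec2 monitor-instances` call. The sample input and instance IDs are constructed, and the function names are hypothetical.

```python
import json
import sys

# Monitoring.State values meaning detailed monitoring is on or being turned on.
DETAILED = {"enabled", "pending"}


def _inst(iid, run_state, mon_state):
    """Build one entry in the shape of describe-instances output."""
    return {"InstanceId": iid, "State": {"Name": run_state},
            "Monitoring": {"State": mon_state}}


# Constructed sample input; the instance IDs are made up.
SAMPLE = json.dumps({"Reservations": [
    {"Instances": [_inst("i-0aaaaaaaaaaaaaaa1", "running", "enabled"),
                   _inst("i-0bbbbbbbbbbbbbbb2", "running", "disabled")]},
    {"Instances": [_inst("i-0ccccccccccccccc3", "running", "disabling"),
                   _inst("i-0ddddddddddddddd4", "running", "pending"),
                   _inst("i-0eeeeeeeeeeeeeee5", "terminated", "disabled")]},
]})


def audit(describe_json):
    """Return {instance_id: state} for instances left on basic monitoring."""
    findings = {}
    for reservation in json.loads(describe_json).get("Reservations", []):
        for inst in reservation.get("Instances", []):
            # Instances that are going away cannot be remediated; skip them.
            if inst.get("State", {}).get("Name") in ("terminated", "shutting-down"):
                continue
            state = inst.get("Monitoring", {}).get("State", "unknown")
            if state not in DETAILED:
                findings[inst["InstanceId"]] = state
    return findings


def remediation_command(findings):
    """Build one monitor-instances call for every flagged instance, or None."""
    ids = " ".join(sorted(findings))
    return f"aws ec2 monitor-instances --instance-ids {ids}" if ids else None


if __name__ == "__main__":
    # Pipe describe-instances JSON on stdin, or run bare to use the sample.
    piped = "" if sys.stdin.isatty() else sys.stdin.read()
    flagged = audit(piped.strip() or SAMPLE)
    for iid, state in sorted(flagged.items()):
        print(f"{iid}\tMonitoring.State={state}")
    print(remediation_command(flagged) or "No instances on basic monitoring.")
```

The generated command is printed rather than executed, so it can be reviewed against the additional-charges prerequisite before it is run.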


Backout plan:

To revert the change and return to basic monitoring, follow the implementation steps and click Disable Detailed Monitoring.

