Ensure there is an Amazon CloudWatch alarm set up in your AWS account that is triggered each time an EC2 large instance is created. This CloudWatch alarm must fire and send email notifications every time an AWS API call is made to provision a 4xlarge or 8xlarge EC2 instance.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Using Amazon CloudWatch alarms to detect EC2 large instance launches will help you manage better your heavy compute resources and avoid any unexpected charges on your AWS bill.
Note 1: For this rule Cloud Conformity assumes that the CloudTrail service is already enabled to stream event log data to CloudWatch within your AWS account, otherwise see this rule to enable AWS Cloudtrail – CloudWatch integration.
Note 2: You have also the option to implement this conformity rule with AWS CloudFormation. Download the required CloudFormation template from this URL and follow the AWS instructions available here.
To determine if there are any CloudWatch alarms set up to monitor AWS EC2 4xlarge/8xlarge instances status changes, perform the following:
Remediation / Resolution
Step 1: Create a Simple Notification Service (SNS) topic and the necessary subscription to send notifications whenever the appropriate Amazon CloudWatch alarm is triggered.
Step 2: Create the necessary metric filter and the CloudWatch alarm that will fire and send email notifications whenever an AWS EC2 4xlarge or 8xlarge instance is created.
- AWS Documentation
- Amazon CloudWatch Concepts
- Creating CloudWatch Alarms for CloudTrail Events
- Create a Topic
- Subscribe to a Topic
- Using an AWS CloudFormation Template to Create CloudWatch Alarms
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
EC2 Large Instance Changes Alarm
Risk level: Medium