Ensure that detailed monitoring is enabled for your Amazon EC2 instances so that you have enough monitoring data to make better decisions when architecting and managing compute resources within your AWS account. By default, whenever an EC2 instance is launched, AWS CloudWatch enables basic monitoring for that instance. The basic monitoring level collects monitoring data in 5-minute periods. To increase this level and make the monitoring data available in 1-minute periods, you must explicitly enable detailed monitoring for your instance(s). With detailed monitoring, you can also get aggregated data across groups of similar EC2 instances.
This rule can help you with the following compliance standards:
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
With detailed monitoring enabled, you can manage your EC2 resources better. For example, you can upgrade or downgrade the instance type faster based on its workload, spot trends that you might not be able to see with basic monitoring, and create CloudWatch alarms with 1-minute periods so that you are notified earlier instead of waiting for a 5-minute period.
Note: It is recommended to enable detailed monitoring only for the instances that you need to monitor closely (e.g. critical and production instances), so exceptions can be suppressed on the Cloud Conformity dashboard.
To determine if your AWS EC2 instances have the detailed monitoring feature enabled, perform the following:
Remediation / Resolution
To enable detailed monitoring for your existing Amazon EC2 instances, perform the following commands:
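One way to run this audit and remediation programmatically, as an added example that is not Conformity's own procedure: it reads the `Monitoring.State` field of an EC2 DescribeInstances response and enables detailed monitoring through the MonitorInstances API. The `Environment=production` tag used to pick out critical instances, the function names, and the sample response are assumptions constructed for illustration.

```python
"""Audit EC2 instances for detailed (1-minute) CloudWatch monitoring."""

# Assumption: instances that must be monitored closely carry this tag.
CRITICAL_TAG = ("Environment", "production")


def needs_detailed_monitoring(response, critical_tag=CRITICAL_TAG):
    """Return IDs of critical, live instances that are still on basic monitoring.

    `response` has the shape returned by the EC2 DescribeInstances API.
    """
    findings = []
    for reservation in response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") in ("shutting-down", "terminated"):
                continue  # nothing left to monitor
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            if tags.get(critical_tag[0]) != critical_tag[1]:
                continue  # non-critical: basic monitoring is acceptable
            # Monitoring.State is one of: disabled | disabling | enabled | pending
            if inst.get("Monitoring", {}).get("State") not in ("enabled", "pending"):
                findings.append(inst["InstanceId"])
    return findings


def remediate(instance_ids, region):
    """Enable detailed monitoring with EC2 MonitorInstances (requires boto3)."""
    import boto3  # imported lazily so the audit logic runs without AWS access
    if instance_ids:
        ec2 = boto3.client("ec2", region_name=region)
        ec2.monitor_instances(InstanceIds=instance_ids)


def _inst(iid, state, monitoring, env):
    """Build one constructed instance record for the sample below."""
    return {"InstanceId": iid, "State": {"Name": state},
            "Monitoring": {"State": monitoring},
            "Tags": [{"Key": "Environment", "Value": env}]}


# Constructed sample response (not real account data).
SAMPLE = {"Reservations": [{"Instances": [
    _inst("i-0aaa0000000000001", "running", "disabled", "production"),
    _inst("i-0aaa0000000000002", "running", "enabled", "production"),
    _inst("i-0aaa0000000000003", "running", "disabled", "dev"),
    _inst("i-0aaa0000000000004", "terminated", "disabled", "production"),
]}]}

if __name__ == "__main__":
    print(needs_detailed_monitoring(SAMPLE))
```

Against a live account, pass each page from the boto3 `describe_instances` paginator to `needs_detailed_monitoring` and hand the combined result to `remediate`.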
You are auditing:
EC2 Instance Detailed Monitoring
Risk level: Low