Use the Conformity Knowledge Base AI to help improve your Cloud Posture

Health Events

Trend Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 1000 automated best practice checks.

Risk Level: Medium
Rule ID: HEALTH-001

Provides ongoing visibility into the health state of your AWS resources and services in order to keep you fully aware of what is happening within your AWS account from the availability and performance standpoint.
AWS Health gives you awareness by posting health alerts and notifications in real-time to your Personal Health Dashboard (PHD), as well as remediation guidance that can help you accelerate troubleshooting.
AWS Health is mostly used as a resource change management and notification center for events such as outages, underlying hosts being retired, underlying hosts going down and for all kind of unreachability alerts triggered for AWS resources. Health is also used for planning out operating system (OS) updates, regular maintenance and manual backups that need to be taken due to potential incidents.

This rule can help you with the following compliance standards:

  • NIST4

For further details on compliance standards supported by Conformity, see here.

This rule can help you work with the AWS Well-Architected Framework.

This rule resolution is part of the Conformity Security & Compliance tool for AWS.

Performance
efficiency

Getting alerts and remediation guidance when AWS is experiencing problems that may impact your cloud environment enables you to take immediate actions to address events that are impacting your AWS resources and services. For example, in the event of an underlying hardware failure that affects one of your EBS volumes, your alert would include a list of the affected resource(s), a recommendation to restore your EBS volume and links to the necessary documentation that will help you restore it safely from a snapshot - a targeted and actionable alert like this reduces the time needed to resolve the issue. Alerts triggered for this type of issues, scheduled changes and other important notifications are also available within your Cloud Conformity account as result of the Real-Time Threat Monitoring and Analysis (RTMA) engine integration with the AWS Health service. With RTMA - Health integration you can receive health events directly on your Cloud Conformity dashboard in real-time and get notifications via the following communication channels: Email, SMS, PageDuty, Slack, JIRA and ServiceNow.


AWS Health provides three ways that you can use to gain visibility into the health state of your AWS account:

Using AWS Console

01 AWS Personal Health Dashboard (PHD)

AWS Personal Health Dashboard (PHD)

The AWS PHD, powered by the Health API, displays information about AWS Health events that can affect your AWS environment and gives you a personalized view into the performance and the availability of the services and resources that you are using, along with alerts that are automatically triggered by changes in the health of these services and resources.

The Health data is presented in two main ways: a dashboard that shows recent and upcoming events organized by category:

organized by category

and a full event log that shows all events from the past 90 days:

Event Log

The Personal Health Dashboard (PHD) is available to all AWS customers without need to write code or perform any actions to set up the dashboard.

02 AWS Service Health Dashboard (SHD)

AWS Service Health Dashboard

The AWS SHD console provides access to the Amazon Web Services current (regional) status by providing up-to-the-minute information on its services availability and displays historical data about each and every service for the last 35 days. Unlike Personal Health Dashboard, where you can view a personalized view of AWS services health, the Service Health Dashboard displays the general status of AWS services and is publicly available at http://status.aws.amazon.com. Users can check this page at any time to get the latest status information or subscribe to an RSS feed to be notified of interruptions to each individual AWS service.

03 In-house and 3rd-party integration:
In addition to PHD and SHD, the Health service provides seamless integration with in-house and third-party systems, through Health API, for all AWS Support customers who have the Business or Enterprise support plan enabled.
Cloud Conformity Real-Time Threat Monitoring and Analysis (RTMA) engine is also utilizing the AWS Health API to get health events in real-time and fully integrate with the service. In this way you can be notified in one place for everything that happens in your AWS account(s), taking much of the hassle out when managing your entire Amazon Web Services ecosystem. Using this integration, any AWS health issues, scheduled changes or other types of notifications generated by the Health service are available on Cloud Conformity dashboard. There are three types of health events that can be monitored: issues, account notifications and scheduled changes. As Cloud Conformity customer, you can configure the risk/severity level for each type of event that you want to monitor with the RTMA - Health integration. For example, you can set the severity to "Very High" for the issues event type and "High" for the scheduled changes type. Also, the communication channels for receiving all these types of notifications can be easily configured within your Cloud Conformity account. The list of supported communication channels that you can use to receive health alerts and notifications are SMS, PageDuty, Slack, Email, JIRA, ServiceNow, etc.
As in-house integration, you can use AWS CloudWatch to notify you when AWS Health events are posted. The integration will utilize CloudWatch Events rules to get all the events from the Health service events stream and invoke a Lambda function when a health event that matches your CloudWatch event pattern is triggered. Note that CloudWatch will report only health events that are specific to your AWS account. Regional availability of services that are not characteristic to your AWS environment will not be published to CloudWatch Events as these types of events are posted only to the AWS Service Health Dashboard (SHD). The health events that have the word "operational" in the title, posted on your Personal Health Dashboard (PHD), are examples of regional events that will not trigger an AWS CloudWatch Events rule, where as other events such as unreachable EBS volumes, EC2 instance retirements or other scheduled events will trigger a CloudWatch Events rule. To get the health events posted on the Service Health Dashboard as well, you can subscribe to an RSS feed that will notify you about interruptions to each individual service within specific AWS regions.

References

Publication date Jan 9, 2018