EC2 instance monitoring disabled
Id: 23b70e32-032e-4fa6-ba5c-82f56b9980e6
Cloud Provider: AWS
Platform: Terraform
Severity: Medium
Category: Observability
Learn More
Description
Enabling detailed monitoring on EC2 instances ensures that Amazon CloudWatch captures metrics every minute, rather than at the default five-minute interval. In Terraform, this is done by setting the monitoring attribute to true within the aws_instance resource. Without detailed monitoring (monitoring = false, or the attribute omitted), operational visibility is significantly reduced, which can delay the detection of performance issues, outages, or security incidents. If this misconfiguration is left unaddressed, administrators may miss critical events or be unable to react promptly to changes in resource behavior, potentially leading to service disruptions or undiagnosed anomalies. Note that detailed monitoring only increases the frequency of the instance metrics CloudWatch already collects, and it incurs additional CloudWatch charges; it does not replace log collection or host-level telemetry.
Compliant Code Examples
# Compliant example: an EC2 instance declared through the
# terraform-aws-modules/ec2-instance module with detailed monitoring requested.
# The AMI, key pair, security group and subnet ids appear to be sample values.
module "ec2_instance" {
source = "terraform-aws-modules/ec2-instance/aws"
version = "~> 3.0"
name = "single-instance"
ami = "ami-ebd02392"
instance_type = "t2.micro"
key_name = "user1"
# The setting this rule checks: true requests one-minute CloudWatch metrics.
monitoring = true
vpc_security_group_ids = ["sg-12345678"]
subnet_id = "subnet-eddcdzz4"
# Requests that no public IP address be associated with the instance.
associate_public_ip_address = false
tags = {
Terraform = "true"
Environment = "dev"
}
}
# Looks up the AMI for the instance that references data.aws_ami.ubuntu.id:
# the most recent image matching the Ubuntu 20.04 (focal) amd64 hvm-ssd name pattern.
data "aws_ami" "ubuntu" {
# Combined with the wildcard name filter, the newest matching image is chosen,
# so the resolved AMI id can change from one run to the next.
most_recent = true
filter {
name = "name"
values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
}
filter {
name = "virtualization-type"
values = ["hvm"]
}
# Restricts the search to images owned by this account id, so an image with a
# matching name published from a different account is not selected.
owners = ["099720109477"] # Canonical
}
# Compliant example: detailed monitoring is enabled directly on the
# aws_instance resource.
resource "aws_instance" "monitoring_negative1" {
ami = data.aws_ami.ubuntu.id
# The setting this rule checks: true requests one-minute CloudWatch metrics.
monitoring = true
instance_type = "t3.micro"
tags = {
Name = "HelloWorld"
}
}
{
"//": {
"metadata": {
"backend": "local",
"stackName": "cdktf-test",
"version": "0.9.0"
},
"outputs": {}
},
"provider": {
"aws": [
{
"region": "us-east-1"
}
]
},
"resource": {
"aws_instance": {
"cdktf-test": {
"//": {
"metadata": {
"path": "cdktf-test/cdktf-test",
"uniqueId": "cdktf-test"
}
},
"ami": "ami-1212f123",
"instance_type": "t2.micro",
"monitoring": true
}
}
},
"terraform": {
"backend": {
"local": {
"path": "/terraform.cdktf-test.tfstate"
}
},
"required_providers": {
"aws": {
"source": "aws",
"version": "~> 3.0"
}
}
}
}
Non-Compliant Code Examples
# Looks up the AMI for the instance that references data.aws_ami.ubuntu.id:
# the most recent image matching the Ubuntu 20.04 (focal) amd64 hvm-ssd name pattern.
data "aws_ami" "ubuntu" {
# Combined with the wildcard name filter, the newest matching image is chosen,
# so the resolved AMI id can change from one run to the next.
most_recent = true
filter {
name = "name"
values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
}
filter {
name = "virtualization-type"
values = ["hvm"]
}
# Restricts the search to images owned by this account id, so an image with a
# matching name published from a different account is not selected.
owners = ["099720109477"] # Canonical
}
# Non-compliant example: detailed monitoring is explicitly turned off on the
# aws_instance resource, which is what this rule reports.
resource "aws_instance" "monitoring_positive2" {
ami = data.aws_ami.ubuntu.id
instance_type = "t3.micro"
# Flagged line: false leaves the instance on the default five-minute metrics.
# Setting this to true makes the resource compliant.
monitoring = false
tags = {
Name = "HelloWorld"
}
}
# Non-compliant example: the module call sets no monitoring argument at all.
# The rule treats an omitted monitoring attribute the same as monitoring = false;
# adding monitoring = true to this block makes it compliant.
# The AMI, key pair, security group and subnet ids appear to be sample values.
module "ec2_instance" {
source = "terraform-aws-modules/ec2-instance/aws"
version = "~> 3.0"
name = "single-instance"
ami = "ami-ebd02392"
instance_type = "t2.micro"
key_name = "user1"
vpc_security_group_ids = ["sg-12345678"]
subnet_id = "subnet-eddcdzz4"
# Requests that no public IP address be associated with the instance.
associate_public_ip_address = false
tags = {
Terraform = "true"
Environment = "dev"
}
}
{
"//": {
"metadata": {
"backend": "local",
"stackName": "cdktf-test",
"version": "0.9.0"
},
"outputs": {}
},
"provider": {
"aws": [
{
"region": "us-east-1"
}
]
},
"resource": {
"aws_instance": {
"cdktf-test": {
"//": {
"metadata": {
"path": "cdktf-test/cdktf-test",
"uniqueId": "cdktf-test"
}
},
"ami": "ami-1212f123",
"instance_type": "t2.micro",
"monitoring": false
}
}
},
"terraform": {
"backend": {
"local": {
"path": "/terraform.cdktf-test.tfstate"
}
},
"required_providers": {
"aws": {
"source": "aws",
"version": "~> 3.0"
}
}
}
}