EC2 Instance Monitoring Disabled
- Query id: 23b70e32-032e-4fa6-ba5c-82f56b9980e6
- Query name: EC2 Instance Monitoring Disabled
- Platform: Terraform
- Severity: Medium
- Category: Observability
- URL: Github
Description¶
EC2 Instance should have detailed monitoring enabled. With detailed monitoring enabled data is available in 1-minute periods
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
data "aws_ami" "ubuntu" {
most_recent = true
filter {
name = "name"
values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
}
filter {
name = "virtualization-type"
values = ["hvm"]
}
owners = ["099720109477"] # Canonical
}
resource "aws_instance" "monitoring_positive1" {
ami = data.aws_ami.ubuntu.id
instance_type = "t3.micro"
tags = {
Name = "HelloWorld"
}
}
Positive test num. 2 - tf file
data "aws_ami" "ubuntu" {
most_recent = true
filter {
name = "name"
values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
}
filter {
name = "virtualization-type"
values = ["hvm"]
}
owners = ["099720109477"] # Canonical
}
resource "aws_instance" "monitoring_positive2" {
ami = data.aws_ami.ubuntu.id
instance_type = "t3.micro"
monitoring = false
tags = {
Name = "HelloWorld"
}
}
Positive test num. 3 - tf file
module "ec2_instance" {
source = "terraform-aws-modules/ec2-instance/aws"
version = "~> 3.0"
name = "single-instance"
ami = "ami-ebd02392"
instance_type = "t2.micro"
key_name = "user1"
vpc_security_group_ids = ["sg-12345678"]
subnet_id = "subnet-eddcdzz4"
associate_public_ip_address = false
tags = {
Terraform = "true"
Environment = "dev"
}
}
Positive test num. 4 - tf file
module "ec2_instance" {
source = "terraform-aws-modules/ec2-instance/aws"
version = "~> 3.0"
name = "single-instance"
ami = "ami-ebd02392"
instance_type = "t2.micro"
key_name = "user1"
monitoring = false
vpc_security_group_ids = ["sg-12345678"]
subnet_id = "subnet-eddcdzz4"
associate_public_ip_address = false
tags = {
Terraform = "true"
Environment = "dev"
}
}
Positive test num. 5 - json file
{
"//": {
"metadata": {
"backend": "local",
"stackName": "cdktf-test",
"version": "0.9.0"
},
"outputs": {}
},
"provider": {
"aws": [
{
"region": "us-east-1"
}
]
},
"resource": {
"aws_instance": {
"cdktf-test": {
"//": {
"metadata": {
"path": "cdktf-test/cdktf-test",
"uniqueId": "cdktf-test"
}
},
"ami": "ami-1212f123",
"instance_type": "t2.micro",
"monitoring": false
}
}
},
"terraform": {
"backend": {
"local": {
"path": "/terraform.cdktf-test.tfstate"
}
},
"required_providers": {
"aws": {
"source": "aws",
"version": "~> 3.0"
}
}
}
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
data "aws_ami" "ubuntu" {
most_recent = true
filter {
name = "name"
values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
}
filter {
name = "virtualization-type"
values = ["hvm"]
}
owners = ["099720109477"] # Canonical
}
resource "aws_instance" "monitoring_negative1" {
ami = data.aws_ami.ubuntu.id
monitoring = true
instance_type = "t3.micro"
tags = {
Name = "HelloWorld"
}
}
Negative test num. 2 - tf file
module "ec2_instance" {
source = "terraform-aws-modules/ec2-instance/aws"
version = "~> 3.0"
name = "single-instance"
ami = "ami-ebd02392"
instance_type = "t2.micro"
key_name = "user1"
monitoring = true
vpc_security_group_ids = ["sg-12345678"]
subnet_id = "subnet-eddcdzz4"
associate_public_ip_address = false
tags = {
Terraform = "true"
Environment = "dev"
}
}
Negative test num. 3 - json file
{
"//": {
"metadata": {
"backend": "local",
"stackName": "cdktf-test",
"version": "0.9.0"
},
"outputs": {}
},
"provider": {
"aws": [
{
"region": "us-east-1"
}
]
},
"resource": {
"aws_instance": {
"cdktf-test": {
"//": {
"metadata": {
"path": "cdktf-test/cdktf-test",
"uniqueId": "cdktf-test"
}
},
"ami": "ami-1212f123",
"instance_type": "t2.micro",
"monitoring": true
}
}
},
"terraform": {
"backend": {
"local": {
"path": "/terraform.cdktf-test.tfstate"
}
},
"required_providers": {
"aws": {
"source": "aws",
"version": "~> 3.0"
}
}
}
}