EC2 Instance Monitoring Disabled

  • Query id: 23b70e32-032e-4fa6-ba5c-82f56b9980e6
  • Query name: EC2 Instance Monitoring Disabled
  • Platform: Terraform
  • Severity: Medium
  • Category: Observability
EC2 instances should have detailed monitoring enabled. With detailed monitoring enabled, CloudWatch data is available in 1-minute periods.

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
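# Looks up the most recent Canonical Ubuntu 20.04 (focal) HVM AMI.
# Shared by the instance below; it plays no part in the monitoring finding.
data "aws_ami" "ubuntu" {
  most_recent = true

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  owners = ["099720109477"] # Canonical
}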

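# Positive case: `monitoring` is not set at all, so the provider default
# (detailed monitoring disabled) applies and the instance does not get
# 1-minute CloudWatch metrics. An omitted argument is as much a finding as
# an explicit `monitoring = false`.
resource "aws_instance" "monitoring_positive1" {
  # NOTE(review): the rendered sample dropped this value; the reference to the
  # data source declared above is the intended one.
  ami           = data.aws_ami.ubuntu.id
  instance_type = "t3.micro"

  tags = {
    Name = "HelloWorld"
  }
}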
Positive test num. 2 - tf file
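# Looks up the most recent Canonical Ubuntu 20.04 (focal) HVM AMI.
# Shared by the instance below; it plays no part in the monitoring finding.
data "aws_ami" "ubuntu" {
  most_recent = true

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  owners = ["099720109477"] # Canonical
}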

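# Positive case: detailed monitoring is explicitly turned off with
# `monitoring = false`, so the instance only reports basic metrics and the
# query flags the resource.
resource "aws_instance" "monitoring_positive2" {
  # NOTE(review): the rendered sample dropped this value; the reference to the
  # data source declared above is the intended one.
  ami           = data.aws_ami.ubuntu.id
  instance_type = "t3.micro"
  monitoring    = false # explicit opt-out of detailed monitoring

  tags = {
    Name = "HelloWorld"
  }
}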
Positive test num. 3 - tf file
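# Positive case using the community ec2-instance module: the module's
# `monitoring` input is omitted, so detailed monitoring stays disabled.
# The query inspects module inputs the same way it inspects the bare resource.
module "ec2_instance" {
  source  = "terraform-aws-modules/ec2-instance/aws"
  version = "~> 3.0"

  name = "single-instance"

  ami                    = "ami-ebd02392"
  instance_type          = "t2.micro"
  key_name               = "user1"
  vpc_security_group_ids = ["sg-12345678"]
  subnet_id              = "subnet-eddcdzz4"
  associate_public_ip_address = false

  tags = {
    Terraform   = "true"
    Environment = "dev"
  }
}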

Positive test num. 4 - tf file
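# Positive case using the community ec2-instance module: the `monitoring`
# input is set to false, explicitly leaving detailed monitoring disabled.
module "ec2_instance" {
  source  = "terraform-aws-modules/ec2-instance/aws"
  version = "~> 3.0"

  name = "single-instance"

  ami                    = "ami-ebd02392"
  instance_type          = "t2.micro"
  key_name               = "user1"
  monitoring             = false # explicit opt-out of detailed monitoring
  vpc_security_group_ids = ["sg-12345678"]
  subnet_id              = "subnet-eddcdzz4"
  associate_public_ip_address = false

  tags = {
    Terraform   = "true"
    Environment = "dev"
  }
}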
Positive test num. 5 - json file
  "//": {
    "metadata": {
      "backend": "local",
      "stackName": "cdktf-test",
      "version": "0.9.0"
    "outputs": {}
  "provider": {
    "aws": [
        "region": "us-east-1"
  "resource": {
    "aws_instance": {
      "cdktf-test": {
        "//": {
          "metadata": {
            "path": "cdktf-test/cdktf-test",
            "uniqueId": "cdktf-test"
        "ami": "ami-1212f123",
        "instance_type": "t2.micro",
        "monitoring": false
  "terraform": {
    "backend": {
      "local": {
        "path": "/terraform.cdktf-test.tfstate"
    "required_providers": {
      "aws": {
        "source": "aws",
        "version": "~> 3.0"

Code samples without security vulnerabilities

Negative test num. 1 - tf file
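# Looks up the most recent Canonical Ubuntu 20.04 (focal) HVM AMI.
# Shared by the instance below; it plays no part in the monitoring finding.
data "aws_ami" "ubuntu" {
  most_recent = true

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  owners = ["099720109477"] # Canonical
}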

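# Negative case: `monitoring = true` enables detailed monitoring, so the
# instance publishes 1-minute CloudWatch metrics and the query does not fire.
resource "aws_instance" "monitoring_negative1" {
  # NOTE(review): the rendered sample dropped this value; the reference to the
  # data source declared above is the intended one.
  ami           = data.aws_ami.ubuntu.id
  monitoring    = true # detailed monitoring on
  instance_type = "t3.micro"

  tags = {
    Name = "HelloWorld"
  }
}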
Negative test num. 2 - tf file
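# Negative case using the community ec2-instance module: the `monitoring`
# input is set to true, so the module enables detailed monitoring on the
# instance it creates and the query does not fire.
module "ec2_instance" {
  source  = "terraform-aws-modules/ec2-instance/aws"
  version = "~> 3.0"

  name = "single-instance"

  ami                    = "ami-ebd02392"
  instance_type          = "t2.micro"
  key_name               = "user1"
  monitoring             = true # detailed monitoring on
  vpc_security_group_ids = ["sg-12345678"]
  subnet_id              = "subnet-eddcdzz4"
  associate_public_ip_address = false

  tags = {
    Terraform   = "true"
    Environment = "dev"
  }
}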
Negative test num. 3 - json file
  "//": {
    "metadata": {
      "backend": "local",
      "stackName": "cdktf-test",
      "version": "0.9.0"
    "outputs": {}
  "provider": {
    "aws": [
        "region": "us-east-1"
  "resource": {
    "aws_instance": {
      "cdktf-test": {
        "//": {
          "metadata": {
            "path": "cdktf-test/cdktf-test",
            "uniqueId": "cdktf-test"
        "ami": "ami-1212f123",
        "instance_type": "t2.micro",
        "monitoring": true
  "terraform": {
    "backend": {
      "local": {
        "path": "/terraform.cdktf-test.tfstate"
    "required_providers": {
      "aws": {
        "source": "aws",
        "version": "~> 3.0"