EC2 Instance Monitoring Disabled

  • Query id: 23b70e32-032e-4fa6-ba5c-82f56b9980e6
  • Query name: EC2 Instance Monitoring Disabled
  • Platform: Terraform
  • Severity: Medium
  • Category: Observability
  • CWE: 778
  • URL: Github

Description

EC2 Instance should have detailed monitoring enabled. With detailed monitoring enabled data is available in 1-minute periods
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
data "aws_ami" "ubuntu" {
  most_recent = true

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  owners = ["099720109477"] # Canonical
}

resource "aws_instance" "monitoring_positive1" {
  ami           = data.aws_ami.ubuntu.id
  instance_type = "t3.micro"

  tags = {
    Name = "HelloWorld"
  }
}
Positive test num. 2 - tf file
data "aws_ami" "ubuntu" {
  most_recent = true

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  owners = ["099720109477"] # Canonical
}

resource "aws_instance" "monitoring_positive2" {
  ami           = data.aws_ami.ubuntu.id
  instance_type = "t3.micro"
  monitoring    = false

  tags = {
    Name = "HelloWorld"
  }
}
Positive test num. 3 - tf file
module "ec2_instance" {
  source  = "terraform-aws-modules/ec2-instance/aws"
  version = "~> 3.0"

  name = "single-instance"

  ami                    = "ami-ebd02392"
  instance_type          = "t2.micro"
  key_name               = "user1"
  vpc_security_group_ids = ["sg-12345678"]
  subnet_id              = "subnet-eddcdzz4"
  associate_public_ip_address = false

  tags = {
    Terraform   = "true"
    Environment = "dev"
  }
}

Positive test num. 4 - tf file
module "ec2_instance" {
  source  = "terraform-aws-modules/ec2-instance/aws"
  version = "~> 3.0"

  name = "single-instance"

  ami                    = "ami-ebd02392"
  instance_type          = "t2.micro"
  key_name               = "user1"
  monitoring             = false
  vpc_security_group_ids = ["sg-12345678"]
  subnet_id              = "subnet-eddcdzz4"
  associate_public_ip_address = false

  tags = {
    Terraform   = "true"
    Environment = "dev"
  }
}
Positive test num. 5 - json file
{
  "//": {
    "metadata": {
      "backend": "local",
      "stackName": "cdktf-test",
      "version": "0.9.0"
    },
    "outputs": {}
  },
  "provider": {
    "aws": [
      {
        "region": "us-east-1"
      }
    ]
  },
  "resource": {
    "aws_instance": {
      "cdktf-test": {
        "//": {
          "metadata": {
            "path": "cdktf-test/cdktf-test",
            "uniqueId": "cdktf-test"
          }
        },
        "ami": "ami-1212f123",
        "instance_type": "t2.micro",
        "monitoring": false
      }
    }
  },
  "terraform": {
    "backend": {
      "local": {
        "path": "/terraform.cdktf-test.tfstate"
      }
    },
    "required_providers": {
      "aws": {
        "source": "aws",
        "version": "~> 3.0"
      }
    }
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
data "aws_ami" "ubuntu" {
  most_recent = true

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  owners = ["099720109477"] # Canonical
}

resource "aws_instance" "monitoring_negative1" {
  ami           = data.aws_ami.ubuntu.id
  monitoring    = true
  instance_type = "t3.micro"

  tags = {
    Name = "HelloWorld"
  }
}
Negative test num. 2 - tf file
module "ec2_instance" {
  source  = "terraform-aws-modules/ec2-instance/aws"
  version = "~> 3.0"

  name = "single-instance"

  ami                    = "ami-ebd02392"
  instance_type          = "t2.micro"
  key_name               = "user1"
  monitoring             = true
  vpc_security_group_ids = ["sg-12345678"]
  subnet_id              = "subnet-eddcdzz4"
  associate_public_ip_address = false

  tags = {
    Terraform   = "true"
    Environment = "dev"
  }
}
Negative test num. 3 - json file
{
  "//": {
    "metadata": {
      "backend": "local",
      "stackName": "cdktf-test",
      "version": "0.9.0"
    },
    "outputs": {}
  },
  "provider": {
    "aws": [
      {
        "region": "us-east-1"
      }
    ]
  },
  "resource": {
    "aws_instance": {
      "cdktf-test": {
        "//": {
          "metadata": {
            "path": "cdktf-test/cdktf-test",
            "uniqueId": "cdktf-test"
          }
        },
        "ami": "ami-1212f123",
        "instance_type": "t2.micro",
        "monitoring": true
      }
    }
  },
  "terraform": {
    "backend": {
      "local": {
        "path": "/terraform.cdktf-test.tfstate"
      }
    },
    "required_providers": {
      "aws": {
        "source": "aws",
        "version": "~> 3.0"
      }
    }
  }
}