Ensure monitoring is enabled for AWS Launch Configuration

HIGH

Description

Not enabling monitoring in an AWS Launch Configuration could hinder incident response if instances attached to that Launch Configuration are compromised.

Remediation

In AWS Console -

  1. Sign in to AWS Console and go to the Launch configuration console in EC2.
  2. Go to the Advanced details section.
  3. For Detailed CloudWatch monitoring, select Enable.

In Terraform -

  1. In the aws_launch_configuration resource, set the enable_monitoring field to true.

References:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_configuration#enable_monitoring

Policy Details

Rule Reference ID: AC_AWS_0455
CSP: AWS
Remediation Available: Yes
Resource Category: Compute

Frameworks