AWS managedservices high security documentation change
Summary
Added SecureChannelFailure monitoring for Windows EC2 instances and updated documentation link formatting
Security assessment
Added CloudWatch alarm for SecureChannelFailure events which indicate potential security issues with authentication/encryption channels. This directly documents security monitoring capabilities for Windows instances.
Diff
diff --git a/managedservices/latest/userguide/monitoring-default-metrics.md b/managedservices/latest/userguide/monitoring-default-metrics.md index 140a134e1..936a731d1 100644 --- a//managedservices/latest/userguide/monitoring-default-metrics.md +++ b//managedservices/latest/userguide/monitoring-default-metrics.md @@ -25,0 +26 @@ Application Load Balancer (ALB) target | No | TargetConnectionErrorCount sum > 0 +Amazon EC2 instance – Windows | No | SecureChannelFailure > 0.0 for 10 out of the last 15 data points. | CloudWatch alarm on Windows instances to alert when Secure a Channel connection has failed. @@ -35 +36 @@ Root Volume Usage >= 95% for 5 mins, 6 consecutive times. -Non-root Volume Usage > 85% for 5 mins, 2 consecutive times. **Disabled by default; for details, see[ Additional Information](https://docs.aws.amazon.com/managedservices/latest/ctref/management-monitoring-cloudwatch-enable-non-root-volumes-monitoring.html#management-monitoring-cloudwatch-enable-non-root-volumes-monitoring-info)**. +Non-root Volume Usage > 85% for 5 mins, 2 consecutive times. **Disabled by default; for additional information, see<https://docs.aws.amazon.com/managedservices/latest/ctref/management-monitoring-cloudwatch-enable-non-root-volumes-monitoring.html#management-monitoring-cloudwatch-enable-non-root-volumes-monitoring-info>**.