OCI Compute Instance has monitoring disabled
Description
This policy identifies the OCI Compute Instances that are configured with Monitoring disabled. It is recommended that Compute Instances should be configured with monitoring is enabled following security best practices.
Code Example
go
resource "oci_core_instance" "pass" {
...
agent_config {
...
is_monitoring_disabled = false
....
}Remediation
- OCI Console*
. Login to the OCI Console
. Type the resource reported in the alert into the Search box at the top of the Console.
. Click the resource reported in the alert from the Resources submenu
. Under Resources, click Metrics.
. Click Enable monitoring. + (If monitoring is not enabled (and the instance uses a supported image), then a button is available to enable monitoring.) + FMI : https://docs.cloud.oracle.com/en-us/iaas/Content/Compute/Tasks/enablingmonitoring.htm#ExistingEnabling === Fix - Buildtime
Terraform
- Resource: oci_core_instance
- Arguments: agent_config.is_monitoring_disabled
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1233 |
| Severity | INFO |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_OCI_6 |