Ensure that each EC2 instance available within your web-tier Auto Scaling Group (ASG) is using an AWS CloudWatch Logs agent to monitor, store and access log files from each instance. A CloudWatch Logs agent needs to be installed on the guest Operating System (OS) of each web-tier EC2 instance that you want to ship logs from. This conformity rule assumes that all AWS resources provisioned for your web tier are tagged with <web_tier_tag>:<web_tier_tag_value>, where <web_tier_tag> represents the tag name and <web_tier_tag_value> represents the tag value. Prior to running this rule by the Cloud Conformity engine, the web-tier tags must be configured in the rule settings, on your Cloud Conformity account dashboard.
An AWS CloudWatch Logs agent helps providing centralized logging, monitoring and incident reporting of both system-level and application-level events generated for the EC2 instances provisioned in the web-tier Auto Scaling Group.
Note: Make sure that you replace all <web_tier_tag>:<web_tier_tag_value> tag placeholders found in the conformity rule content with your own tag name and value created for the web tier.
To determine if the EC2 instances within your web-tier ASG are being launched with AWS CloudWatch Logs agents, perform the following actions:
To automatically install the AWS Cloudwatch Logs agent on the EC2 instances within your web-tier ASG, you must re-create the ASG launch configuration and configure it with the necessary user data (agent installation script). To set up a new launch configuration and replace the existing one, perform the following actions:Note: The guest OS utilized in this remediation/resolution section is Amazon Linux.