Open richgreen-moj opened 6 months ago
Might not be ready to do this yet on the Observability Platform as we are only trialling it for internal platform use currently (rather than subscribing all member accounts to it).
There was a suggestion that this be turned into a SPIKE and to look into other ways it might be achieved, e.g. using Fleet Manager.
As a question, is this also tracked by AWS SecurityHub? If that's the case, could we pull the SecurityHub findings into Observability Platform?
This issue is stale because it has been open 90 days with no activity.
User Story
As an MP Engineer I want to be able to monitor and alert on any EC2 instances that do not have the SSM agent installed.
Value / Purpose
As a follow-on from https://github.com/ministryofjustice/modernisation-platform/issues/2415
This story would involve scanning for instances that don't have the SSM agent installed, gathering details of the affected instances, and alerting MP when this is discovered.
Currently this can be achieved by running this job ad-hoc to retrieve a CSV file of non-managed instances.
We may decide to use Observability Platform for this, but not necessarily.
This is to improve our security posture.
Useful Contacts
@richgreen-moj @davidkelliott
Additional Information
No response
Proposal / Unknowns
Hypothesis: If we... [do a thing] Then... [this will happ]
Proposal: A proposal that is something testable, don't worry whether it works or not, it's a place for ideas.
Unknowns: Potential pitfalls that could cause the story to expand beyond its original scope. Ideally this section will remain blank.
Definition of Done
Example - [ ] Documentation has been written / updated
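
The scan described in this issue, as an added example (not the project's job or code): it compares an EC2 DescribeInstances response with an SSM DescribeInstanceInformation response and reports live instances that SSM does not show as Online. The instance data is constructed, the function names are hypothetical, and absence from the SSM inventory is used as a proxy for a missing agent (it can also mean a missing instance profile or no network path to SSM).

```python
import csv
import io

# Constructed sample data, shaped like the EC2 DescribeInstances and
# SSM DescribeInstanceInformation API responses (not real instances).
EC2_RESPONSE = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa0000000000001", "State": {"Name": "running"},
     "Tags": [{"Key": "Name", "Value": "web-1"}]},
    {"InstanceId": "i-0aaa0000000000002", "State": {"Name": "running"},
     "Tags": [{"Key": "Name", "Value": "db-1"}]},
    {"InstanceId": "i-0aaa0000000000003", "State": {"Name": "stopped"}},
    {"InstanceId": "i-0aaa0000000000004", "State": {"Name": "terminated"}},
    {"InstanceId": "i-0aaa0000000000005", "State": {"Name": "running"}},
]}]}
SSM_RESPONSE = {"InstanceInformationList": [
    {"InstanceId": "i-0aaa0000000000001", "PingStatus": "Online"},
    {"InstanceId": "i-0aaa0000000000005", "PingStatus": "ConnectionLost"},
]}

def find_unmanaged(ec2_response, ssm_response):
    """Return rows for live EC2 instances that SSM does not report as Online."""
    ping = {i["InstanceId"]: i.get("PingStatus", "Unknown")
            for i in ssm_response.get("InstanceInformationList", [])}
    rows = []
    for reservation in ec2_response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            state = inst["State"]["Name"]
            if state in ("terminated", "shutting-down"):
                continue  # instance is gone or going: nothing to remediate
            status = ping.get(inst["InstanceId"], "NotRegistered")
            if status == "Online":
                continue  # agent is checking in
            name = next((t["Value"] for t in inst.get("Tags", [])
                         if t["Key"] == "Name"), "")
            rows.append({"instance_id": inst["InstanceId"], "name": name,
                         "state": state, "ssm_status": status})
    return sorted(rows, key=lambda r: r["instance_id"])

def to_csv(rows):
    """Render the findings as CSV text for a report or an alert attachment."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=["instance_id", "name", "state", "ssm_status"])
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()

if __name__ == "__main__":
    print(to_csv(find_unmanaged(EC2_RESPONSE, SSM_RESPONSE)))
```

Against a real account both responses are paginated, so every page has to be collected before the comparison or instances on later pages will be misreported.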