Back to All Checks
Low Detect Regional

MSK clusters should have enhanced monitoring configured

NIST 800-53

Description

This control checks whether an Amazon MSK (Managed Streaming for Apache Kafka) cluster has enhanced monitoring configured. The specific requirement is that the monitoring level must be at least PER_TOPIC_PER_BROKER. The control will fail if the monitoring level for the cluster is set to DEFAULT or PER_BROKER. This monitoring level provides more granular insights into the performance of the MSK cluster. It offers metrics related to resource utilization, such as CPU and memory usage. This detailed visibility helps in identifying performance bottlenecks and resource utilization patterns for individual topics and brokers, which in turn can be used to optimize the performance of Kafka brokers.

Remediation

To remediate MSK clusters without enhanced monitoring, you need to enable CloudWatch Logs for the cluster.

Steps

  1. Navigate to the Amazon MSK console
  2. Select the MSK cluster that needs remediation
  3. Click on 'Edit' or 'Modify' cluster
  4. Go to 'Monitoring' settings
  5. Enable 'CloudWatch Logs'
  6. Configure log groups and retention settings
  7. Set up monitoring level to PER_TOPIC_PER_BROKER
  8. Review the monitoring configuration
  9. Apply the changes to the cluster
  10. Verify enhanced monitoring is working

Compliance

NIST 800-53
Start Your Free Security Check