Fix VPC DNS settings for SSM and CloudWatch agents

Opportunity Name:

 

Fix VPC DNS settings for SSM and CloudWatch agents

 

AWS Resource Type:

 

Amazon EC2

 

Opportunity Description:

 

In order to identify all cost saving opportunities for EC2 instances, CloudFix requires SSM and CloudWatch agents to be running on each instance, and to be able to communicate with their respective AWS service endpoints. This FF updates VPC DNS settings to allow the SSM and CloudWatch agents to resolve the domain names of their service endpoints.

 

Note: this FF does not directly save costs, but will unlock cost saving opportunities for other FFs.

 

Criteria for identifying the opportunity:

 

The Finder uses the EC2 DescribeVpcs API with the filter state=available to list all available VPCs.

 

Next, the Finder uses the EC2 DescribeVpcAttribute API to fetch the configuration of each available VPC. An opportunity is identified when either the enableDnsSupport or the enableDnsHostnames attribute is set to false.

 

Potential savings (range in % on annual basis):

 

None - this FF does not directly save costs, but will unlock cost saving opportunities for other FFs.

 

What happens when the Fixer is executed?

 

Is it possible to roll back once CloudFix implements the fixer?

 

There is no automated rollback, but the changes can be reversed manually by using the EC2 ModifyVpcAttribute API to set the EnableDnsSupport and EnableDnsHostnames parameters back to their original values.
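
The Finder criteria and the manual rollback described above, as an added example (not CloudFix's own code). It assumes a boto3 EC2 client is passed in; the function names find_dns_opportunities and rollback are hypothetical. It records each flagged VPC's original attribute values before anything is changed, so they can be restored later with ModifyVpcAttribute.

```python
"""Added example: flag available VPCs by DNS attributes and keep a rollback record."""

# DescribeVpcAttribute request name -> response / ModifyVpcAttribute key
ATTRS = {
    "enableDnsSupport": "EnableDnsSupport",
    "enableDnsHostnames": "EnableDnsHostnames",
}


def find_dns_opportunities(ec2):
    """Return {vpc_id: {attribute: current_value}} for every flagged VPC.

    `ec2` is a boto3 EC2 client, or any object exposing the same methods.
    """
    flagged, token = {}, None
    while True:
        kwargs = {"Filters": [{"Name": "state", "Values": ["available"]}]}
        if token:
            kwargs["NextToken"] = token
        page = ec2.describe_vpcs(**kwargs)
        for vpc in page.get("Vpcs", []):
            vpc_id = vpc["VpcId"]
            # DescribeVpcAttribute returns one attribute per call.
            current = {
                attr: ec2.describe_vpc_attribute(VpcId=vpc_id, Attribute=attr)[key]["Value"]
                for attr, key in ATTRS.items()
            }
            if not all(current.values()):
                flagged[vpc_id] = current  # original values, kept for rollback
        token = page.get("NextToken")
        if not token:
            return flagged


def rollback(ec2, snapshot):
    """Restore the values recorded by find_dns_opportunities()."""
    for vpc_id, original in snapshot.items():
        for attr, key in ATTRS.items():
            # ModifyVpcAttribute changes one attribute per request.
            ec2.modify_vpc_attribute(VpcId=vpc_id, **{key: {"Value": original[attr]}})


if __name__ == "__main__":
    import json
    import boto3  # needs AWS credentials and a configured region

    print(json.dumps(find_dns_opportunities(boto3.client("ec2")), indent=2))
```

Save the printed snapshot before accepting the recommendation; it is the only record of the original settings.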

 

Can CloudFix implement the fix automatically once I accept the recommendation?

 

Yes.

 

Does this fix require downtime?

 

No.

 

Additional Resources:
