Enable Instance Termination Notifications For Virtual Machine Scale Sets

More Info:

Ensure that your Microsoft Azure virtual machine scale sets are configured to receive instance termination notifications through the Azure Metadata service and have a predefined delay timeout configured for the “Terminate” operation (event). The termination notifications are delivered through Scheduled Events, an Azure Metadata feature which sends termination notifications, and can also be used to delay impactful operations such as reboots and redeployments. The delay associated with the “Terminate” event will depend on the delay limit specified in the VM scale set model configuration.

Risk Level

Medium

Address

Security

Compliance Standards

CBP

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the misconfiguration “Enable Instance Termination Notifications For Virtual Machine Scale Sets” in Azure using Azure CLI, you can follow the below steps:Step 1: Open the Azure CLI command prompt or terminal.Step 2: Run the following command to enable the instance termination notifications for virtual machine scale sets:

az monitor autoscale update --ids <resource-id> --add-notification email --email-administrator <email-address>

Note: Replace <resource-id> with the resource ID of the virtual machine scale set and <email-address> with the email address of the administrator.Step 3: Verify the instance termination notification settings by running the following command:

az monitor autoscale show --ids <resource-id>

Note: Replace <resource-id> with the resource ID of the virtual machine scale set.Step 4: Ensure that the “notifications” property in the output of the above command contains the email address of the administrator.With these steps, you have successfully remediated the misconfiguration “Enable Instance Termination Notifications For Virtual Machine Scale Sets” in Azure using Azure CLI.

Using Python

To remediate the misconfiguration “Enable Instance Termination Notifications For Virtual Machine Scale Sets” for AZURE using Python, you can follow the below steps:

Import the required libraries:

from azure.mgmt.compute import ComputeManagementClient
from azure.mgmt.monitor import MonitorManagementClient
from azure.identity import DefaultAzureCredential
from azure.mgmt.monitor.models import ActionGroup, ActionGroupPatchBody, ActionGroupResource

Authenticate the client:

credential = DefaultAzureCredential()
compute_client = ComputeManagementClient(credential, subscription_id)
monitor_client = MonitorManagementClient(credential, subscription_id)

Get the VM Scale Set ID:

vmss = compute_client.virtual_machine_scale_set_vms.list(resource_group_name, vm_scale_set_name)
vmss_id = vmss.next().id

Create an action group:

action_group_name = "my_action_group"
email_address = "[email protected]"
sms_phone_number = "+1234567890"

action_group = ActionGroup(
    group_short_name=action_group_name,
    enabled=True,
    email_receivers=[email_address],
    sms_receivers=[sms_phone_number],
)

monitor_client.action_groups.create_or_update(resource_group_name, action_group_name, action_group)

Get the action group ID:

action_group = monitor_client.action_groups.get(resource_group_name, action_group_name)
action_group_id = action_group.id

Enable termination notifications for the VM Scale Set:

monitor_client.autoscale_settings.create_or_update(
    resource_group_name,
    vm_scale_set_name,
    "default",
    {
        "profiles": [
            {
                "name": "defaultProfile",
                "capacity": {"minimum": "1", "maximum": "10", "default": "1"},
                "rules": [
                    {
                        "metric_trigger": {
                            "metric_name": "Percentage CPU",
                            "metric_resource_uri": vmss_id,
                            "time_grain": "PT1M",
                            "statistic": "Average",
                            "time_window": "PT5M",
                            "time_aggregation": "Average",
                            "operator": "GreaterThan",
                            "threshold": 80,
                        },
                        "scale_action": {
                            "direction": "Increase",
                            "type": "ChangeCount",
                            "value": "1",
                            "cooldown": "PT5M",
                        },
                    }
                ],
                "notifications": [
                    {
                        "operation": "Terminate",
                        "email": {"send_to_subscription_administrator": True},
                        "action_group_id": action_group_id,
                    }
                ],
            }
        ]
    },
)

These steps will enable instance termination notifications for the specified VM Scale Set in Azure using Python.

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

Enable Instance Termination Notifications For Virtual Machine Scale Sets

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation