Amazon MSK clusters are assessed for enhanced monitoring levels beyond DEFAULT (e.g., PER_BROKER, PER_TOPIC_PER_BROKER, PER_TOPIC_PER_PARTITION).
Serverless clusters include enhanced monitoring by design; provisioned clusters are evaluated by their configured monitoring level.
Risk
Insufficient metrics limit visibility into broker health, replication state, and consumer lag, delaying response to incidents.
This increases the risk of availability loss (saturation, throttling) and can mask integrity issues such as under-replicated partitions, raising the data-loss impact of failures.
prowler aws --checks kafka_cluster_enhanced_monitoring_enabled
Recommendation
Select an enhanced level (e.g., PER_BROKER or finer) and establish observability: prioritize telemetry for broker resources, replication health, and consumer lag. Configure alerts and dashboards aligned to SLOs to enable proactive scaling and rapid incident containment. Balance granularity with cost.
Remediation
aws kafka update-monitoring --cluster-arn <CLUSTER_ARN> --current-version <CURRENT_VERSION> --enhanced-monitoring PER_BROKER
- Open the AWS Console and go to Amazon MSK
- Select your provisioned cluster
- Click Edit
- Under Monitoring, set Enhanced monitoring to PER_BROKER (or higher)
- Save changes and wait for the update to complete
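An added example (not Prowler's own check code) that applies the pass/fail rule described above to a constructed `aws kafka list-clusters-v2` response and fills in the remediation command for each failing cluster. The cluster names, ARNs and version strings are constructed, and treating a provisioned cluster with no reported level as DEFAULT is an assumption.

```python
import json
import shlex

# Constructed sample, shaped like `aws kafka list-clusters-v2` output (assumed input).
SAMPLE = json.loads("""
{"ClusterInfoList": [
 {"ClusterName": "orders", "ClusterType": "PROVISIONED", "CurrentVersion": "K1EXAMPLE",
  "ClusterArn": "arn:aws:kafka:us-east-1:111122223333:cluster/orders/example-1",
  "Provisioned": {"EnhancedMonitoring": "DEFAULT"}},
 {"ClusterName": "billing", "ClusterType": "PROVISIONED", "CurrentVersion": "K2EXAMPLE",
  "ClusterArn": "arn:aws:kafka:us-east-1:111122223333:cluster/billing/example-2",
  "Provisioned": {"EnhancedMonitoring": "PER_TOPIC_PER_BROKER"}},
 {"ClusterName": "events", "ClusterType": "SERVERLESS", "CurrentVersion": "K3EXAMPLE",
  "ClusterArn": "arn:aws:kafka:us-east-1:111122223333:cluster/events/example-3",
  "Serverless": {}}
]}
""")

ENHANCED = {"PER_BROKER", "PER_TOPIC_PER_BROKER", "PER_TOPIC_PER_PARTITION"}

def evaluate(cluster):
    """Return (status, reason) for one cluster record."""
    if cluster.get("ClusterType") == "SERVERLESS":
        return "PASS", "serverless cluster, enhanced monitoring by design"
    # Assumption: a provisioned record with no level reported is treated as DEFAULT.
    level = cluster.get("Provisioned", {}).get("EnhancedMonitoring", "DEFAULT")
    if level in ENHANCED:
        return "PASS", f"monitoring level {level}"
    return "FAIL", f"monitoring level {level}"

def remediation(cluster, level="PER_BROKER"):
    """Fill the update-monitoring command with this cluster's ARN and version."""
    return ("aws kafka update-monitoring"
            f" --cluster-arn {shlex.quote(cluster['ClusterArn'])}"
            f" --current-version {shlex.quote(cluster['CurrentVersion'])}"
            f" --enhanced-monitoring {level}")

def audit(response):
    """Evaluate every cluster; attach the fix command to failing ones only."""
    findings = []
    for cluster in response.get("ClusterInfoList", []):
        status, reason = evaluate(cluster)
        findings.append({"name": cluster["ClusterName"], "status": status, "reason": reason,
                         "fix": remediation(cluster) if status == "FAIL" else None})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f["status"], f["name"], "-", f["reason"])
        if f["fix"]:
            print("   ", f["fix"])
```

To run it against a real account, replace SAMPLE with the parsed JSON output of `aws kafka list-clusters-v2`.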
Resource Type
AwsMskCluster