# On-request reports **Topics** + [ # AMS Patch reports ](reporting-patch.md) + [ # AMS Backup reports ](reporting-backup.md) + [ # Incidents Prevented and Monitoring Top Talkers reports ](incidents-prevented-top-talkers.md) + [ # Billing Charges Details report ](reporting-billing-details.md) + [ # Trusted Remediator reports ](trusted-remediator-reports.md) AMS collates data from various native AWS services to provide value added reports on major AMS offerings. For a copy of these reports, make a request to your Cloud Service Delivery Manager (CSDM). # AMS Patch reports **Topics** + [ ## Patch Instance Details Summary report ](#reporting-patch-instance-details) + [ ## Patch Details report ](#reporting-patch-details) + [ ## Instances That Missed Patches report ](#reporting-patches-missed) + [ ## Patching SSM Coverage report ](#patch-ssm-coverage) ## Patch Instance Details Summary report The Patch Instance Details Summary report provides instance details gathered for instances that are onboarded to reporting. This is an informational report that helps identify all the instances onboarded, account status, instance details, maintenance window coverage, maintenance window execution time, stack details, and platform type. This report provides the following: 1. Data on the production and non-production instances of an account. Note: Production and non-production stage is derived from the Account Name and not from the Instance Tags. 1. Data on the distribution of instances by platform type. Note: 'N/A' platform type is when AWS Systems Manager can't retrieve the platform information. 1. Data on the distribution of state of instances, and the number of instances running, stopped, or terminating. | **Field Name** | **Definition** | | --- | --- | | Report Datetime | The date and time the report was generated. | | Account Id | AWS Account ID to which the instance ID belongs | | Account Name | AWS account name | | Production Account | Identifier of AMS prod, non-prod accounts, depending on whether account name include value 'PROD', 'NONPROD'. Example: PROD, NONPROD, Not Available | | Account Status | AMS account status. For example: ACTIVE, INACTIVE | | AMS account service commitment | PREMIUM, PLUS | | Landing Zone | Flag for account landing zone type. For example: MALZ, NON-MALZ | | Access Restrictions | Regions to which access is restricted. For example: US SOIL | | Instance Id | ID of EC2 instance | | Instance Name | Name of EC2 instance | | Instance Platform Type | Operating System (OS) type. For example: Windows, Linux, and so forth | | Instance Platform Name | Operating System (OS) name. For example: MicrosoftWindowsServer2012R2Standard, RedHatEnterpriseLinuxServer | | Stack Name | Name of stack that contains instance | | Stack Type | AMS stack (AMS infrastructure within customer account) or Customer stack (AMS managed infrastructure that supports customer applications). Examples: AMS, CUSTOMER | | Auto Scaling Group Name | Name of Auto Scaling Group (ASG) that contains the instance | | Instance Patch Group | Patch group name used to group instances together and apply the same maintenance window. If the patch group is unassigned the value will be "Unassigned" | | Instance Patch Group Type | Patch group type. DEFAULT: default patch group with the default maintenance window, determined by the `AMSDefaultPatchGroup:True` tag on the instance. CUSTOMER: customer created patch group. NOT\$1ASSIGNED: no patch group assigned | | Instance State | State within the EC2 instance lifecycle. Examples: TERMINATED, RUNNING, STOPPING, STOPPED, SHUTTING-DOWN, PENDING. For more information, see [Instance lifecycle](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html). | | Maintenance Window Coverage | If there is a future Maintenance Window on this instance. Examples: COVERED or NOT\$1COVERED | | Maintenance Window Execution Datetime | Next time the maintenance window is expected to execute. If NULL, single window execution, i.e. not recurring | ## Patch Details report AWS Managed Services (AMS) Patch Details report provides patch details and maintenance window coverage of various instances, including: 1. Data on Patch groups and its types. 1. Data on Maintenance Windows, duration, cutoff, future dates of maintenance window executions (schedule) and instances impacted in each window. 1. Data on all the operating systems under the account and number of instances that operating system is installed. | **Field Name** | **Definition** | | --- | --- | | Report Datetime | The date and time the report was generated. | | Account ID | AWS Account ID to which the instance ID belongs | | Account Name | AWS account name | | Instance Id | ID of EC2 instance | | Production Account | Identifier of AMS prod, non-prod accounts, depending on whether account name include value 'PROD', 'NONPROD'. If data is not available value will be "Not Available" | | Account Status | AMS account status. For example: ACTIVE, INACTIVE | | Instance Platform Type | Operating System (OS) type. For example: Windows, Linux | | Instance Platform Name | Operating System (OS) name. For example: MicrosoftWindowsServer2012R2Standard, RedHatEnterpriseLinuxServer | | Stack Type | AMS stack (AMS infrastructure within a customer account) or Customer stack (AMS managed infrastructure that supports customer applications). For example: AMS, CUSTOMER | | Instance Patch Group | Patch group name used to group instances together and apply the same maintenance window. If the patch group is unassigned the value will be "Unassigned" | | Instance Patch Group Type | Patch group type. DEFAULT: default patch group w/ default maintenance window, determined by `AMSDefaultPatchGroup:True` tag on the instance CUSTOMER: customer created patch group UNASSIGNED: no patch group assigned | | Instance State | State within the EC2 instance lifecycle. For example: TERMINATED, RUNNING, STOPPING, STOPPED, SHUTTING-DOWN, PENDING For more information, see [Instance lifecycle](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html). | | Maintenance Window Id | Maintenance window identifier | | Maintenance Window State | Possible values are ENABLED or DISABLED. | | Maintenance Window Type | Maintenance window type | | Maintenance Window Next Execution Datetime | Next time the maintenance window is expected to execute. If NULL, single window execution, i.e. not recurring | | Last Execution Maintenance Window | The latest time the maintenance window was executed | | Maintenance Window Duration (hrs) | The duration of the maintenance window in hours | | Maintenance Window Coverage | The maintenance window coverage | | Patch Baseline Id | Patch baseline currently attached to instance | | Patch Status | Overall patch compliance status. For example: COMPLIANT, NON\$1COMPLIANT. If there is at least one missing patch, instance is considered noncompliant, otherwise compliant. | | Compliant - Total | Count of compliant patches (all severities) | | Noncompliant - Total | Count of noncompliant patches (all severities) | | Compliant - Critical | Count of compliant patches with "critical" severity | | Compliant - High | Count of compliant patches with "high" severity | | Compliant - Medium | Count of compliant patches with "medium" severity | | Compliant - Low | Count of compliant patches with "low" severity | | Compliant - Informational | Count of compliant patches with "informational" severity | | Compliant - Unspecified | Count of compliant patches with "unspecified" severity | | Noncompliant - Critical | Count of noncompliant patches with "critical" severity | | Noncompliant - High | Count of noncompliant patches with "high" severity | | Noncompliant - Medium | Count of noncompliant patches with "medium" severity | | Noncompliant - Low | Count of noncompliant patches with "low" severity | | Noncompliant - Informational | Count of noncompliant patches with "informational" severity | | Noncompliant - Unspecified | Count of noncompliant patches with "unspecified" severity | ## Instances That Missed Patches report AWS Managed Services (AMS) Instances That Missed Patches report provides details on instances that missed patches during the last maintenance window execution, including: 1. Data on missing patches at the patch ID level. 1. Data on all the instances which have at least one patch missing along with attributes such as patch severity, unpatched days, range, and release date of the patch. | **Field Name** | **Definition** | | --- | --- | | Report Datetime | The date and time the report was generated. | | Account ID | AWS Account ID to which the instance ID belongs | | Account Name | AWS account name | | Production Account | Identifier of AMS prod, non-prod accounts, depending on whether the account name includes the value 'PROD','NONPROD'. | | Account Status | AMS account status. For example: ACTIVE or INACTIVE | | AMS account service tier | PREMIUM or PLUS | | Instance ID | ID of EC2 instance | | Instance Platform Type | Operating System (OS) type. For example: Windows | | Instance State | State of the EC2 instance lifecycle. For example: TERMINATED, RUNNING, STOPPING, STOPPED, SHUTTING-DOWN, PENDING For more information, see [Instance lifecycle](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html). | | Patch ID | ID of released patch. For example: KB3172729 | | Patch Severity | Severity of patch per publisher. For example: CRITICAL, IMPORTANT, MODERATE, LOW, UNSPECIFIED | | Patch Classification | Classification of patch per publisher. For example: CRITICALUPDATES, SECURITYUPDATES, UPDATEROLLUPS, UPDATES, FEATUREPACKS | | Patch Release Datetime (UTC) | Release date of patch per publisher | | Patch Install State | Install state of patch on instance per SSM. For example: INSTALLED, MISSING, NOT APPLICABLE | | Days Unpatched | Number of days instance unpatched since last SSM scanning | | Days Unpatched Range | Bucketing of days unpatched. For example: <30 DAYS, 30-60 DAYS, 60-90 DAYS, 90\$1 DAYS | ## Patching SSM Coverage report The AMS Patching SSM Coverage report informs you whether or not the EC2 instances in the account have the SSM Agent installed. | **Field Name** | **Definition** | | --- | --- | | Customer Name | Customer name for situations where there are multiple sub-customers | | Resource Region | AWS Region where the resource is located | | Account name | The name of the account | | AWS Account ID | The ID of the AWS account | | Resource Id | ID of EC2 instance | | Resource Name | Name of EC2 instance | | Compliant flag | Indicates if the resource has the SSM Agent installed ("Compliant") or not ("NON\$1COMPLIANT") | # AMS Backup reports **Topics** + [ ## Backup Job Success / Failure report ](#reporting-backup-success-failure) + [ ## Backup Summary report ](#reporting-backup-summary) + [ ## Backup Summary/Coverage report ](#backup-summary-coverage) ## Backup Job Success / Failure report The Backup Job Success/Failure report provides information about backups run in the last few weeks. To customize the report, specify the number of weeks that you want to retrieve data for. The default number of weeks is 12. The following table lists the data included in the report: | **Field Name** | **Definition** | | --- | --- | | AWS Account ID | AWS Account ID to which the resource belongs | | Account Name | AWS account name | | Backup Job ID | The ID of the Backup job | | Resource ID | The ID of the backed-up resource | | Resource Type | The type of resource that is being backed up | | Resource Region | The AWS Region of the backed up resource | | Backup State | The state of the backup. For more information, see [Backup job statuses ](https://docs.aws.amazon.com/aws-backup/latest/devguide/creating-a-backup.html#backup-job-statuses) | | Recovery Point ID | The unique identifier of the recovery point | | Status message | Description of errors or warnings that occurred during the backup job | | Backup Size | Size of the backup in GB | | Recovery Point ARN | The ARN of the created backup | | Recovery point age in days | Number of days that have passed since the recovery point was created | | Less than 30 days old | Indicator of backups that are less than 30 days old | ## Backup Summary report | **Field Name** | **Definition** | | --- | --- | | Customer Name | Customer name for situations where multiple sub-customers are | | Backup Month | Month of the backup | | Backup Year | Year of the backup | | Resource Type | The type of resource that is being backed up | | \$1 of Resources | The number of resources that were backed up | | \$1 of Recovery points | Number of distinct snapshots | | Backups less than 30 Days Old | The count of backups that are less than 30 days old | | Max Recovery point age | The oldest recovery point age in days | | Min Recovery point age | The most recent recovery point age in days | ## Backup Summary/Coverage report The Backup Summary/Coverage report lists how many resources are not currently protected by any AWS Backup plan. Discuss with your CDSM an appropriate plan to increase coverage, where possible, and to reduce the risk of data loss. | **Field Name** | **Definition** | | --- | --- | | Customer Name | Customer name for situations where multiple sub-customers are | | Region | AWS region where the resource is located | | Account name | The name of the account | | AWS Account ID | The ID of the AWS account | | Resource Type | Type of the resource. Resources are supported by AWS Backup (Aurora, DocumentDB, DynamoDB, EBS, EC2, EFS, FSx, RDS, and S3) | | Resource ARN | ARN of the resource | | Resource ID | ID of the resource | | Coverage | Indicates if the resource is covered or not ("COVERED" or "NOT\$1COVERED") | | \$1 of resources | Number of supported resources in the account | | perc\$1coverage | Percentage of supported resources with a backup executed in the last 30 days. | # Incidents Prevented and Monitoring Top Talkers reports **Topics** + [ ## Incidents prevented report ](#incidents-prevented) + [ ## Monitoring Top Talkers report ](#top-talkers) ## Incidents prevented report The Incidents Prevented report lists the Amazon CloudWatch alarms that were automatically remediated, preventing a possible incident. To learn more, see [Auto remediation](https://docs.aws.amazon.com/managedservices/latest/accelerate-guide/auto-remediation.html). The following table lists the information included in this report: | **Field Name** | **Definition** | | --- | --- | | execution\$1start\$1time\$1utc | Date in which the automation was executed | | customer\$1name | Account customer name | | account\$1name | The name of the account | | AwsAccountId | The ID of the AWS account | | document\$1name | The name of the SSM document or automation executed | | duration\$1in\$1minutes | The length of the automation in minutes | | Region | AWS Region where the resource is located | | automation\$1execution\$1id | The ID of the execution | | automation\$1execution\$1status | The status of the execution | ## Monitoring Top Talkers report The Monitoring Top Talkers report presents the number of Amazon CloudWatch alerts generated during a specific time period and provides visualizations of the resources that generate the highest number of alerts. This report helps you identify resources that generate the highest number of alerts. These resources might be candidates for performing Root Cause Analysis to remediate the problem or to modify the alarm thresholds to prevent unnecessary triggers when there isn't an actual issue. The following table lists the information included in this report: | **Field Name** | **Definition** | | --- | --- | | Customer name | Name of the customer | | AccountId | The ID of the AWS account | | Alert category | The type of alert triggered | | Description | Description of the alert | | Resource ID | ID of the resource that triggered the alert | | Resource Name | Name of the resource that triggered the alert | | Region | AWSRegion where the resource is located | | Incident status | Latest status of the incident generated by the alarm | | First occurrence | First time that the alert was triggered | | Recent occurrence | The most recent time that the alert was triggered | | Alert Count | Number of alerts generated between the first and recent occurrence | # Billing Charges Details report AWS Managed Services (AMS) Billing Charges Details report provides details about AMS billing charges with linked accounts and respective AWS services, including: + AMS service-level charges, uplift percentages, account-level AMS service tiers and AMS fees. + Linked accounts and AWS usage charges | **Field Name** | **Definition** | | --- | --- | | Billing Month | The month and year of the service billed | | Payer Account ID | The 12 digit ID identifying the account that will be responsible for paying the AMS charges | | Linked Account ID | The 12 digit ID identifying the AMS account that consumes services that generates expenses | | AWS Service Name | The AWS service that was used | | AWS Charges | The AWS charges for the AWS service name listed in AWS Service Name | | Pricing Plan | The name of the pricing plan associated with the linked account | | Uplift Proportion | The uplift percentage (as a decimal V.WXYZ) based on pricing\$1plan, SLA, and AWS service | | Adjusted AWS Charges | AWS usage adjusted for AMS | | Uplifted AWS Charges | The percentage of AWS charges to be charged for AMS; adjusted\$1aws\$1charges \$1 uplift\$1percent | | Instances EC2 RDS Spend | Spend on EC2 and RDS instances | | AMS Charges | Total AMS charges for the product; uplifted\$1aws\$1charges \$1 instance\$1ec2\$1rds\$1spend \$1 uplifted\$1ris \$1 uplifted\$1sp | | Prorated Minimum Fee | The amount we charge to meet the contractual minimum | | Minimum Fee | AMS Minimum Fees (if applicable) | | Linked Account Total AMS Charges | Sum of all charges for the linked\$1account | | Payer Account Total AMS Charges | Sum of all charges for payer account | # Trusted Remediator reports **Topics** + [ ## Trusted Remediator Remediation Summary report ](#trusted-remediator-summary) + [ ## Trusted Remediator Configuration Summary report ](#trusted-remediator-config-summary) + [ ## Trusted Advisor Check Summary report ](#trusted-advisor-check-summary) ## Trusted Remediator Remediation Summary report The Trusted Remediator Remediation Status report provides information about the remediations that occurred during previous remediation cycles. The default number of weeks is 1. To customize the report, specify the number of weeks based on your remediation schedule. | **Field Name** | **Definition** | | --- | --- | | Date | The date that the data was collected on. | | Account ID | The AWS account ID that the resource belongs to | | Account Name | The AWS account name | | Check Category | The AWS Trusted Advisor check category | | Check Name | The name of the remediated Trusted Advisor check | | Check ID | The ID of the remediated Trusted Advisor check | | Execution Mode | The execution mode that was configured for the specific Trusted Advisor check | | OpsItem ID | The ID of the OpsItem created by Trusted Advisor for remediation | | OpsItem Status | The status of the OpsItem created by Trusted Advisor at the time of reporting | | Resource ID | The ARN of the resource created for remediation | ## Trusted Remediator Configuration Summary report The Trusted Remediator Configuration Summary report provides information about the current Trusted Remediator Remediation configurations for each Trusted Advisor check. | **Field Name** | **Definition** | | --- | --- | | Date | The date that the data was collected on. | | Account ID | The AWS account ID that the configuration applies to | | Account Name | The AWS account name | | Check Category | The AWS Trusted Advisor check category | | Check Name | The name of the remediated Trusted Advisor check that the configuration applies to | | Check ID | The ID of the remediated Trusted Advisor check that the configuration applies to | | Execution Mode | The execution mode that was configured for the specific Trusted Advisor check | | Override to Automated | The tag pattern, if configured, to override execution mode to Automated | | Override to Manual | The tag pattern, if configured, to override execution mode to Manual | ## Trusted Advisor Check Summary report The Trusted Advisor Check Summary report provides information about the current Trusted Advisor checks. This report collects data after each weekly remediation schedule. The default number of weeks is 1. To customize the report, specify the number of weeks based on your remediation cycle. | **Field Name** | **Definition** | | --- | --- | | Date | The date that the data was collected on. | | Account ID | The AWS account ID that the configuration applies to | | Customer Name | The AWS account name | | Check Category | The AWS Trusted Advisor check category | | Check Name | The name of the remediated Trusted Advisor check that the configuration applies to | | Check ID | The ID of the remediated Trusted Advisor check that the configuration applies to | | Status | The alert status of the check. Possible statuses are ok (green), warning (yellow), error (red), or not\$1available | | Resources Flagged | The number of AWS resources that were flagged (listed) by the Trusted Advisor check. | | Resources Ignored | The number of AWS resources that were ignored by Trusted Advisor because you marked them as suppressed. | | Resources in critical state | The number of resources in critical state | | Resources in warning state | The number of resources in warning state |