Free Assessment

Amazon_CloudWatch_14

Ensure a log metric filter and alarm exist for VPC changes

Description

Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs and establishing corresponding metric filters and alarms. It is possible to have more than 1 VPC within an account, in addition it is also possible to create a peer connection between 2 VPCs enabling network traffic to route between VPCs. It is recommended that a metric filter and alarm be established for changes made to VPCs.

Remediation

Perform the following to ensure a log metric filter and alarm exist for VPC changes

Note : Filter pattern for VPC changes

filterPattern”: “{ ($.eventName = CreateVpc) || ($.eventName = DeleteVpc) ||
($.eventName = ModifyVpcAttribute) || ($.eventName = AcceptVpcPeeringConnection) ||
($.eventName = CreateVpcPeeringConnection) || ($.eventName =
DeleteVpcPeeringConnection) || ($.eventName = RejectVpcPeeringConnection) ||
($.eventName = AttachClassicLinkVpc) || ($.eventName = DetachClassicLinkVpc) ||
($.eventName = DisableVpcClassicLink) || ($.eventName = EnableVpcClassicLink) }”

Perform the following to setup the metric filter, alarm, SNS topic, and subscription:

  1. Identify the log group name configured for use with CloudTrail
  2. Note the &lt

Service

CloudWatch

Severity

Medium

Compliance

Mapping

Want to Know More?

Learn how our partners are managing their cloud security and compliance with Cloudlytics.

I hereby accept the GDPR and Privacy Policy, by subscribing to the newsletters.

Cloudlytics

Solutions

Resources

Company

Legal

Facebook Twitter Linkedin Youtube
Start Free Trial
Login

CLOSE

We are now live on AWS Marketplace.
The integrated view of your cloud infrastructure is now easier than ever!

Learn More