Amazon_CloudWatch_16

Ensure Event Bus is not Exposed Publicly

Description

An AWS CloudWatch default event bus is a feature that allows AWS accounts to share events with each other. This is useful for AWS accounts that belong to the same organization, or to organizations that are associated or have a similar relationship. The event bus has an access policy that specifies which AWS entities are allowed to send events to the bus. To follow security best practices, allow only authorized users to send their event data by managing the permissions defined for the default event bus. The CloudWatch default event bus should not be configured in such a way that it allows access to everyone (*). This must be avoided in order to prevent anonymous users from sending their CloudWatch events to your bus.

Remediation

1. Sign in to the AWS Management Console.

2. Navigate to the AWS CloudWatch dashboard.

3. In the left navigation panel, under the Events section, select Event Buses.

4. On the Event Buses page, select the Permissions tab, choose the permission whose Principal attribute is set to Everybody (*) and click Remove to delete the permission and block public access to the default event bus in the current AWS region.
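The console steps above can be backed by an automated check. The following is an added example, not part of the original page or of any AWS tooling: it parses the JSON document that `aws events describe-event-bus` returns in its `Policy` field and reports every Allow statement whose Principal is everybody (*) and that carries no Condition. The policy, account IDs and organization ID embedded here are constructed sample values.

```python
import json

# Constructed sample policy, in the shape returned by describe-event-bus:
# one anonymous grant, one grant to a single partner account, and one
# wildcard grant that is narrowed by an aws:PrincipalOrgID Condition.
BUS_ARN = "arn:aws:events:us-east-1:111111111111:event-bus/default"  # constructed
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowEverybody", "Effect": "Allow", "Principal": "*",
     "Action": "events:PutEvents", "Resource": BUS_ARN},
    {"Sid": "AllowPartnerAccount", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
     "Action": "events:PutEvents", "Resource": BUS_ARN},
    {"Sid": "AllowOrgOnly", "Effect": "Allow", "Principal": "*",
     "Action": "events:PutEvents", "Resource": BUS_ARN,
     "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}},
]})


def _is_wildcard_principal(principal):
    """True when the statement's Principal resolves to everybody (*).

    Both the bare string form ("*") and the map form ({"AWS": "*"} or
    {"AWS": [..., "*"]}) are recognised.
    """
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = aws if isinstance(aws, list) else [aws]
        return "*" in aws
    return False


def public_statements(policy_document):
    """Return the Sid of every Allow statement open to any principal and
    lacking a Condition. Wildcard statements scoped by a Condition (for
    example aws:PrincipalOrgID) are not anonymous and are not reported."""
    policy = json.loads(policy_document)
    statements = policy.get("Statement", [])
    statements = statements if isinstance(statements, list) else [statements]
    found = []
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        if _is_wildcard_principal(st.get("Principal")) and "Condition" not in st:
            found.append(st.get("Sid", "<no Sid>"))
    return found


if __name__ == "__main__":
    for sid in public_statements(SAMPLE_POLICY):
        print(f"public grant on default event bus: remove statement {sid}")
```

Each reported Sid is the statement to remove in step 4; the CLI equivalent is `aws events remove-permission --statement-id <Sid>` for the same bus and region.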

Service

CloudWatch

Severity

High

Compliance

Mapping
