Amazon_CloudWatch_4

Ensure a log metric filter and alarm exist for IAM policy changes

Description

Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs and establishing corresponding metric filters and alarms. It is recommended that a metric filter and alarm be established for changes made to Identity and Access Management (IAM) policies, so that inline policy writes, managed policy creation and deletion, policy version changes, and policy attachments and detachments are alerted on as they happen.

Remediation

Perform the following to ensure a log metric filter and alarm exist for IAM policy changes

Note: Filter pattern for IAM policy changes

"filterPattern":
"{($.eventName=DeleteGroupPolicy)||($.eventName=DeleteRolePolicy)||($.eventName=DeleteUserPolicy)||($.eventName=PutGroupPolicy)||($.eventName=PutRolePolicy)||($.eventName=PutUserPolicy)||($.eventName=CreatePolicy)||($.eventName=DeletePolicy)||($.eventName=CreatePolicyVersion)||($.eventName=DeletePolicyVersion)||($.eventName=AttachRolePolicy)||($.eventName=DetachRolePolicy)||($.eventName=AttachUserPolicy)||($.eventName=DetachUserPolicy)||($.eventName=AttachGroupPolicy)||($.eventName=DetachGroupPolicy)}"

Perform the following to setup the metric filter, alarm, SNS topic, and subscription:

  1. Identify the log group name configured for use with CloudTrail
  2. Note the <
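The filter pattern and the setup steps above, modelled as an added Python example that is not part of this page or of any AWS tooling: it renders the same sixteen-event pattern, evaluates it locally against constructed CloudTrail-style records (so the match logic can be checked without an AWS account), and builds the parameters for the put_metric_filter and put_metric_alarm calls the remediation needs. The filter, metric and alarm names, the metric namespace, the 5-minute period and the threshold of 1 are assumptions chosen for this example; the apply_remediation function calls boto3 and needs credentials, everything else runs offline.

```python
"""Local model of the Amazon_CloudWatch_4 control: build the IAM-policy-change
filter pattern, evaluate it against constructed CloudTrail records, and build
the CloudWatch Logs / CloudWatch / SNS requests used in the remediation."""
import json

# The sixteen IAM API calls named in the recommended filter pattern.
IAM_POLICY_CHANGE_EVENTS = (
    "DeleteGroupPolicy", "DeleteRolePolicy", "DeleteUserPolicy",
    "PutGroupPolicy", "PutRolePolicy", "PutUserPolicy",
    "CreatePolicy", "DeletePolicy", "CreatePolicyVersion", "DeletePolicyVersion",
    "AttachRolePolicy", "DetachRolePolicy", "AttachUserPolicy", "DetachUserPolicy",
    "AttachGroupPolicy", "DetachGroupPolicy",
)

# Names below are assumptions chosen for this example, not values from the page.
FILTER_NAME = "iam-policy-changes"
METRIC_NAME = "IAMPolicyChangeCount"
METRIC_NAMESPACE = "CISBenchmark"
ALARM_NAME = "iam-policy-changes-alarm"


def build_filter_pattern(events=IAM_POLICY_CHANGE_EVENTS):
    """Render the CloudWatch Logs JSON filter pattern from the event list."""
    return "{" + "||".join(f"($.eventName={name})" for name in events) + "}"


def is_iam_policy_change(log_event_message):
    """Mirror the pattern's semantics locally: the log event must parse as a
    JSON object and its eventName must equal (case-sensitively) one of the
    listed API calls. A JSON filter pattern never matches a non-JSON line."""
    try:
        record = json.loads(log_event_message)
    except ValueError:
        return False
    return isinstance(record, dict) and record.get("eventName") in IAM_POLICY_CHANGE_EVENTS


def count_matches(log_event_messages):
    """metricValue is 1 per matching event, so the alarm's Sum is this count."""
    return sum(1 for m in log_event_messages if is_iam_policy_change(m))


def build_metric_filter_request(log_group_name):
    """Keyword arguments for CloudWatchLogs.put_metric_filter."""
    return {
        "logGroupName": log_group_name,
        "filterName": FILTER_NAME,
        "filterPattern": build_filter_pattern(),
        "metricTransformations": [{
            "metricName": METRIC_NAME,
            "metricNamespace": METRIC_NAMESPACE,
            "metricValue": "1",
        }],
    }


def build_alarm_request(topic_arn):
    """Keyword arguments for CloudWatch.put_metric_alarm: fire when one or more
    matching events occur in a 5-minute period and notify the SNS topic."""
    return {
        "AlarmName": ALARM_NAME,
        "MetricName": METRIC_NAME,
        "Namespace": METRIC_NAMESPACE,
        "Statistic": "Sum",
        "Period": 300,
        "EvaluationPeriods": 1,
        "Threshold": 1,
        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
        "TreatMissingData": "notBreaching",
        "AlarmActions": [topic_arn],
    }


def apply_remediation(log_group_name, notification_email, session=None):
    """Create the SNS topic, e-mail subscription, metric filter and alarm with
    boto3. Requires AWS credentials; the functions above do not."""
    import boto3  # imported here so the rest of the module has no AWS dependency
    session = session or boto3.Session()
    sns, logs, cw = session.client("sns"), session.client("logs"), session.client("cloudwatch")
    topic_arn = sns.create_topic(Name=ALARM_NAME)["TopicArn"]
    sns.subscribe(TopicArn=topic_arn, Protocol="email", Endpoint=notification_email)
    logs.put_metric_filter(**build_metric_filter_request(log_group_name))
    cw.put_metric_alarm(**build_alarm_request(topic_arn))
    return topic_arn


# Constructed CloudTrail-style records for the local check (not real log data).
SAMPLE_LOG_EVENTS = [
    json.dumps({"eventSource": "iam.amazonaws.com", "eventName": "PutUserPolicy",
                "userIdentity": {"type": "IAMUser", "userName": "alice"}}),
    json.dumps({"eventSource": "iam.amazonaws.com", "eventName": "ListUsers"}),
    json.dumps({"eventSource": "iam.amazonaws.com", "eventName": "AttachRolePolicy"}),
    "plain text line that is not JSON",
]

if __name__ == "__main__":
    print(build_filter_pattern())
    print("matching events:", count_matches(SAMPLE_LOG_EVENTS))
```

Two checks worth doing before trusting the alarm: confirm the log group in step 1 is the one CloudTrail actually delivers to (a JSON pattern on a group that receives no CloudTrail records matches nothing and the alarm stays silent), and run the pattern through the service itself with `aws logs test-metric-filter --filter-pattern '<pattern>' --log-event-messages '<record>'` against a real CloudTrail record, since the local matcher above only models the exact-match semantics the page's pattern relies on.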

Service

CloudWatch

Severity

Medium

Compliance

Mapping
