Cloudwatch Audit

​

Checks Performed

• Authorization Failures Alarm Should Be Enabled
• AWS Config Changes Alarm Should Be Enabled
• CloudTrail Changes Alarm Should Be Enabled
• CloudWatch Log Groups Should Be Encrypted
• CloudWatch Log Groups Should Be Encrypted With CMK
• CMK Disabled or Scheduled for Deletion Alarm
• Console Sign-in Failures Alarm
• AWS Console Sign In Without MFA Should Be Monitored
• Resource Policy Attachment In Custom EventBus
• Resource Policy Attachment In Custom Schema Registry
• Cloudwatch Loggroup Retention Period Should Be Reviewed
• Default WebACL Action Without Rules Should Be Allowed
• EC2 Instance Changes Alarm
• EC2 Large Instance Changes Alarm
• EventBus Should Not Allow Cross Account Access
• Event Bus Should Not Be Exposed
• AWS CloudWatch Events Should Be Used
• FMS Shield Resource Policy Should Be Enabled
• FMS Web ACL Should Have Rule Group Association
• EventBridge Global Endpoints Replication Should Be Enabled
• IAM Policy Changes Alarm Should Be Enabled
• Internet Gateway Changes Alarm Should Be Enabled
• Metric Filter for VPC Flow Logs CloudWatch Log Group Should Be set
• Network ACL Changes Alarm Should Be Enabled
• AWS Organizations Changes Alarm
• Root Account Usage Alarm Should Be Enabled
• Route Table Changes Alarm Should Be Enabled
• S3 Bucket Changes Alarm Should Be Enabled
• Security Group Changes Alarm Should Be Enabled
• VPC Changes Alarm Should Be Enabled
• CloudWatch Alarm for VPC Flow Logs Metric Filter Should Be Set
• WAF Global Rule Groups Should Not Be Empty
• WAF Global Rules Should Not Be Empty
• WAF Global Web ACL Should Not Be Empty
• WAF Logging Should Be Enabled
• WAF Regional Rule Groups Should Not Be Empty
• WAF Regional Rules Should Not Be Empty
• WAF Regional Web ACL Should Not Be Empty
• WAFv2 WebACL Should Contain Rule Group Or Groups
• WAF WebACLs Must Have Basic Rule Protection
• WAFv2 WebACL Rule Group Logging Should Be Enabled
• WAF V2 Rule Groups Should Not Be Empty
• WebACL Rules Should Not Be In Count Mode