Know and act in an instant on what's happening in your cloud account
AWS Events Monitoring
Cloud technologies have helped your businesses scale tremendously. But they also bring in their own share of complexity which could result in misconfigurations or attracting bad actors. This also knowing what's happening in your cloud accounts (like AWS, GCP, Azure) is crucial so that you can act on it.
Monitor Your Auto Scaling Infrastructure Changes
AutoScaling Events
Stay informed about critical AutoScaling events including policy changes, load balancer modifications, and instance termination within autoscaling groups. Get real-time alerts for Application Auto Scaling scalable target updates and deletions to maintain optimal performance.
Changes to Policy
A policy has been updated or deleted for an Application Auto Scaling scalable target. Monitor these changes to ensure your scaling policies remain effective and aligned with your infrastructure needs.
Load Balancer Changes
Track modifications to load balancers associated with your AutoScaling groups. Stay informed about configuration changes that could impact traffic distribution and application availability.
Terminate Instance in Autoscaling Group
Get notified when an instance within an autoscaling group is terminated. Monitor these events to understand scaling patterns and ensure proper instance lifecycle management.
Monitor SSL/TLS Certificate Lifecycle
Certificate Manager Events
Track certificate management activities including deletions, new requests, and domain validation processes. Ensure your SSL/TLS certificates are properly managed and validated for secure communications across your applications.
Delete Certificate
Amazon Certificate Manager Certificate is deleted along with its associated private key. Monitor certificate deletions to prevent unexpected SSL/TLS disruptions in your applications.
Request Certificate
ACM certificate is requested for use with other AWS services. Track new certificate requests to maintain visibility into your SSL/TLS certificate inventory and usage.
Resend Validation Email
An email is resent for domain ownership validation. Monitor validation email activities to ensure proper domain ownership verification and certificate issuance processes.
Track Your Infrastructure as Code Changes
CloudFormation Events
Monitor all CloudFormation stack operations including creation, updates, deletions, and cancellations. Maintain visibility into your infrastructure deployments and ensure proper stack lifecycle management across your AWS environment.
CloudFormation Changes
Any change like Create, Update, Delete or Cancellation of CloudFormation stack will result into this event. Keep track of all infrastructure modifications managed through CloudFormation templates.
List Stacks (Pilot Event)
We use this event as pilot event to check if the connection between your account and our account is established or not. This ensures continuous monitoring capabilities. Kindly do not disable this event.
Maintain Audit Trail Visibility
CloudTrail Events
Ensure continuous logging and audit trail maintenance across your AWS environment. Get immediate alerts when CloudTrail logging is stopped to maintain compliance and security visibility requirements.
Stop Cloud Trail Logging
CloudTrail has stopped log recording. This critical event requires immediate attention as it affects your ability to audit and monitor AWS API calls across your environment.
Comprehensive Compute Infrastructure Monitoring
EC2 Events Monitoring
Monitor all aspects of your EC2 infrastructure including networking changes, security group modifications, instance lifecycle events, VPC configurations, and storage operations. Maintain complete visibility into your compute environment for security and compliance.
CIDR Block Association Changes
A CIDR block is associated or disassociated with VPC or subnet. Monitor network address space modifications to maintain proper IP address management and network segmentation across your infrastructure.
Changes to Key Pair
A new keypair has been created or deleted from the EC2. Track SSH key management activities to maintain secure access control to your EC2 instances and prevent unauthorized access.
Changes to NAT Gateway
A NAT gateway has been created or deleted. Monitor NAT gateway changes to ensure proper outbound internet connectivity for private subnets and maintain network architecture integrity.
Changes to Network ACL
Creation or deletion of a network ACL. Track network Access Control Lists to maintain subnet-level security controls and ensure proper network traffic filtering at the subnet boundary.
Changes to Network ACL Entry
Creation or deletion of a network ACL entry. Monitor individual ACL rule modifications to maintain granular network security controls and traffic filtering policies.
Changes to Network Interface
Any change to Network interface like create, delete, attach or detach events. Track network interface operations to maintain proper network connectivity and instance networking configurations.
Changes to VPC Route or Route Table
Creation or deletion of route or route table. Monitor routing changes to ensure proper traffic flow and network connectivity within your VPC infrastructure.
Changes to VPN Gateway
VPN gateway is created, deleted, attached or detached. Track VPN gateway operations to maintain hybrid cloud connectivity and secure communication with on-premises networks.
Classic Link VPC Changes
Classic Link VPC changes either by attaching it or detaching it. Monitor Classic Link operations to maintain connectivity between EC2-Classic instances and VPC networks.
Delete Customer Gateway
A customer gateway is deleted. Track customer gateway deletions to maintain visibility into VPN connection endpoints and hybrid connectivity infrastructure.
Delete DHCP Options
A set of DHCP Options have been deleted. This will have been preceded by a disassociation of those DHCP options. Monitor DHCP configuration changes that affect IP address assignment.
EBS Volume Changes
EBS Volume is attached or detached. Track Elastic Block Store volume operations to maintain visibility into storage connectivity and ensure proper data access for your instances.
EC2 Instance Start or Stop
EC2 instance is started or stopped. Monitor instance state changes to track resource utilization, cost optimization opportunities, and maintain awareness of infrastructure operations.
EC2 Instance Termination
An instance has been terminated. Track instance termination events to maintain inventory accuracy, prevent accidental deletions, and ensure proper resource lifecycle management.
IP Address Changes
An Elastic IP address is associated, disassociated with existing subnet. Monitor Elastic IP operations to track public IP address assignments and maintain network accessibility.
Internet Gateway Changes
An internet gateway has been attached, detached, deleted. Track internet gateway operations to ensure proper internet connectivity for your VPC and maintain network architecture.
New VPC Created
New VPC is created. Monitor Virtual Private Cloud creation to maintain visibility into network infrastructure expansion and ensure proper network segmentation strategies.
Route Table Association Changes
A subnet is either associated or disassociated with route table. Track subnet-route table associations to ensure proper traffic routing and network connectivity within your VPC.
Run EC2 Instances
An Instance has been launched. Monitor instance launch events to track resource provisioning, maintain inventory accuracy, and ensure proper instance deployment procedures.
Security Group Egress Changes
An egress rule has been added or removed from a security group for use with a VPC. Track outbound traffic rules to maintain proper network security and data exfiltration prevention.
Security Group Ingress Changes
An ingress rule has been added or removed from a security group, controlling instance traffic from CIDR ranges or other security groups. Monitor inbound access controls for security compliance.
Security Groups Changes
Security Groups is created or deleted. Track security group lifecycle to maintain proper firewall configurations and ensure network access controls remain properly managed.
VPC Classic Link Change
Enable or Disable VPC Classic Link. Monitor Classic Link status changes to maintain proper connectivity between EC2-Classic and VPC environments when using legacy infrastructure.
VPC Endpoint Changes
VPC endpoint is created or deleted. Track VPC endpoint operations to maintain private connectivity to AWS services and ensure secure, efficient service access without internet routing.
VPC IAM Instance Profile Changes
An IAM instance profile is associated or disassociated with VPC. Monitor IAM profile associations to maintain proper identity and access management for VPC resources.
VPC Peering Connection Changes
A VPC peering is either requested or deleted. Track VPC peering operations to maintain network connectivity between VPCs and ensure proper inter-VPC communication channels.
VPN Connection Changes
Either a VPN connection or connection route is created or deleted. Monitor VPN connectivity changes to maintain secure communication channels with on-premises infrastructure.
Monitor Elastic File System Operations
EFS Events
Track Amazon Elastic File System activities including file system lifecycle management, mount target operations, and security group modifications to ensure proper file storage access and security.
File System Change
New File system is created or deleted. Monitor EFS file system lifecycle to track storage resources and ensure proper file system management across your applications.
Modify Mount Target Security Groups
A set of security groups for a mount target have been modified. Track security group changes to maintain proper access controls for your EFS mount targets.
Mount Target Change
Mount for the file system is created or deleted. Monitor mount target operations to ensure proper file system accessibility across your EC2 instances and availability zones.
Monitor In-Memory Cache Security
ElastiCache Events
Track ElastiCache security group modifications and network access changes to ensure your in-memory caching infrastructure remains secure and properly configured for optimal performance.
Cache Ingress Security Group Changes
Network ingress to cache security group is permitted or revoked. Monitor network access modifications to maintain secure connectivity to your ElastiCache clusters.
Elastic Cache Security Group Changes
An elastic cache security group is created or removed from the cluster. Track security group associations to ensure proper access controls for your caching infrastructure.
Monitor Load Balancer Operations
ELB Events
Track all load balancer activities including creation, deletion, configuration updates, listener and rule changes, target group operations, security group associations, and tagging actions across Classic, Application, and Network Load Balancers.
Load Balancer Lifecycle & Attributes
Monitor lifecycle events such as creation and deletion of load balancers. Also track attribute modifications for Application and Network Load Balancers to ensure operational consistency.
Listener Changes
Track all listener-related changes — including creation of new listeners, deletion of existing ones, or updates to configuration for Elastic Load Balancers. Helps ensure correct traffic routing and protocol handling.
Listener Rule Changes (ALB)
A rule has been created for a listener that is associated with an Application Load Balancer, or an existing rule has been updated or deleted. Monitoring this helps in tracking changes in routing logic.
Target Group Lifecycle & Attributes
Covers creation, modification, and deletion of target groups associated with ELBs. Also monitors attribute-level changes to target groups to ensure correct health check configurations and load balancing policies.
Target Registration Changes
A target (such as an EC2 instance or IP) has been registered or deregistered from a target group. Helps ensure backend infrastructure is correctly tied to the load balancer.
Security Group Association
A security group has been applied to a load balancer inside a VPC. This is critical for defining network-level access control to your applications.
Load Balancer Policy (Classic)
A policy has been created for a Classic Load Balancer. This affects traffic handling, stickiness, and SSL termination for classic setups.
Tag Removal from ELB
Tags have been removed from an ELB resource. Useful for identifying resource mismanagement or unintended deletions of metadata.
Monitor Identity and Access Management Activities
IAM Events
Gain full visibility into your IAM configuration by tracking changes to users, roles, groups, policies, MFA devices, keys, and identity providers. Detect critical access and permission updates across your AWS environment.
User and Credential Lifecycle
Track creation, modification, or deletion of IAM users, access keys, SSH keys, signing certificates, and server certificates. Includes actions like password creation, change, and deletion for console access.
Access Key & SSH Key Changes
Monitor generation, modification, or deletion of access key pairs and SSH public keys. Ensures secure access control and credential hygiene.
Password & MFA Management
Detect changes to IAM password policies, individual user passwords, and virtual MFA devices. Includes password resets, updates, deletions, and re-syncs.
IAM Group Activities
Identify when groups are created, modified, or deleted. Also tracks user-group associations like adding or removing a user from a group.
IAM Role Operations
Monitor role lifecycle changes such as creation and deletion. Also covers attachment/detachment of managed or inline policies and changes to assume role policies.
Instance Profile & Role Associations
Track when IAM roles are added to or removed from instance profiles. Also includes creation or deletion of instance profiles.
IAM Policy Changes
Covers creation of new policies or versions, updates to existing policies, deletions, and policy version changes. Includes inline and managed policies for users, groups, and roles.
Policy Attachment Activities
Detect changes where a managed policy is attached to or detached from IAM users, groups, or roles. Helps ensure least privilege principles are maintained.
Identity Providers & Federation
Track changes to SAML and OpenID Connect providers, including creation, update, deletion, and client ID modifications. Critical for federated access management.
Account-Wide IAM Settings
Includes updates to account password policies, alias creation, and setting default policy versions for users, roles, and groups.
Monitor Authentication Activities
IAM Signin Events
Track critical authentication events including root console logins and authentication attempts without MFA. Maintain visibility into account access patterns and potential security risks.
Console Login By Root
Root console login detected. Monitor root account access to ensure it's only used when necessary and follows security best practices for privileged access management.
Console Login without MFA
Console login without Multi-Factor Authentication detected. Track non-MFA logins to identify potential security risks and enforce MFA adoption across your organization.
Monitor Key Management Operations
KMS Events
Track Key Management Service activities including key operations, encryption/decryption events, grant management, and key policy modifications. Maintain visibility into your cryptographic key infrastructure.
Key Operations
Monitor key creation, enabling, disabling, and alias management. Track Customer Master Key (CMK) lifecycle operations to maintain proper cryptographic key management.
Encryption Operations
Track encrypt, decrypt, and re-encrypt operations along with data key generation activities. Monitor cryptographic operations to ensure proper data protection and key usage.
Grant Management
Monitor grant creation and listing operations for Customer Master Keys. Track key access permissions and delegation to maintain proper key access control.
Policy Operations
Track key policy retrieval and modification activities. Monitor key policy changes to ensure proper access controls and permissions for your encryption keys.
Monitor Serverless Function Operations
Lambda Events
Track Lambda function lifecycle management, code updates, configuration changes, and permission modifications. Maintain visibility into your serverless compute infrastructure and function operations.
Function Lifecycle
Monitor Lambda function creation, deletion, and alias management. Track the complete lifecycle of your serverless functions to ensure proper resource management.
Code and Configuration Updates
Track function code updates and configuration modifications. Monitor changes to your serverless applications to maintain visibility into deployment activities.
Event Source Management
Monitor event source mapping creation, deletion, and updates. Track integration changes between Lambda functions and event sources like DynamoDB, Kinesis, and SQS.
Permission Management
Track permission changes to Lambda functions including resource-based policies and IAM role modifications. Monitor access control changes to maintain function security.
Monitor Relational Database Service Activities
RDS Events
Stay informed about your RDS resources with detailed tracking of database instance lifecycle events, cluster changes, snapshots, security groups, replication, failovers, and restoration actions across your AWS environment.
DB Cluster Events
Monitor creation, deletion, or modification of Aurora DB clusters. Also includes events like failover of primary DB instances, restoration from snapshots, or point-in-time recovery of clusters.
DB Instance Changes
Track creation, modification, or deletion of individual DB instances. Includes reboot events and read replica creation or promotion to standalone status.
Parameter and Option Group Changes
Detect creation, modification, reset, or deletion of DB parameter groups, DB cluster parameter groups, and option groups. Ensures configuration consistency and tuning visibility.
DB Security Group Activities
Track when DB security groups are created or deleted, along with changes to their ingress rules including enabling or revoking access.
DB Subnet Group Changes
Monitor creation, modification, or deletion of DB subnet groups to ensure proper networking configurations and availability zone coverage.
Snapshot Operations
Includes creation and deletion of both DB instance and DB cluster snapshots. Also monitors manual snapshot attribute modifications for tighter governance.
Restore & Recovery Events
Track restore operations including: restoring DB clusters or instances from snapshots, and restoring to a specific point in time. Critical for backup, DR, and rollback workflows.
Monitor DNS and Domain Operations
Route53 Events
Track DNS record changes, health check operations, hosted zone management, and domain contact updates. Maintain visibility into your DNS infrastructure and domain management activities.
DNS Record Management
Monitor DNS record set creation, modification, and deletion for domains and subdomains. Track DNS changes to ensure proper domain resolution and prevent service disruptions.
Resolver Operations
Track resolver endpoint creation and configuration changes. Monitor DNS resolution infrastructure to ensure proper hybrid cloud and on-premises connectivity.
Health Check Management
Monitor health check deletion and configuration changes. Track health monitoring setup to ensure proper failover and traffic routing based on resource health.
Domain Operations
Track hosted zone deletion and domain contact updates. Monitor domain management activities to maintain proper domain ownership and configuration.
Monitor Object Storage Operations
S3 Events
Track S3 bucket lifecycle management, configuration changes, and permission modifications. Maintain visibility into your object storage infrastructure to ensure data security and compliance.
Bucket Lifecycle
Monitor S3 bucket creation and deletion activities. Track bucket lifecycle management to maintain proper object storage resource management and cost optimization.
Configuration Changes
Track bucket configuration modifications including lifecycle policies, CORS settings, tagging, and other bucket-level configurations that affect storage behavior and management.
Permission Management
Monitor Access Control List (ACL) changes and permission modifications on S3 buckets. Track security configuration changes to maintain proper data access controls.
Monitor Web Application Firewall
WAF Events
Track Web Application Firewall rule changes and configuration modifications. Maintain visibility into your application security infrastructure to protect against web-based attacks and threats.
WAF Rule Changes
Monitor WAF rule creation and deletion activities. Track firewall rule modifications to ensure proper web application protection and security policy enforcement.
Configuration Management
Track various WAF configuration changes including web ACLs, rate limiting rules, and other security settings that protect your web applications from malicious traffic.