AWS Real Time Monitoring

Know and act in an instant on what's happening in your cloud account

Why Realtime Is Important?

Cloud technologies have helped your businesses scale tremendously. But they also bring in their own share of complexity which could result in misconfigurations or attracting bad actors. This also knowing what's happening in your cloud accounts (like AWS, GCP, Azure) is crucial so that you can act on it.

Realtime Events

These are the AWS events curated and pre-packaged which you can subscribe with a 1 click.

AutoScaling

Changes to Policy

A policy has been updated or deleted for an Application Auto Scaling scalable target.

Load Balancer Changes

Terminate Instance in Autoscaling Group

An instance within an autoscaling group is terminated.



CloudFormation

Cloudformation Changes

Any change like Create, Update, Delete or Cancellation of CloudFormation stack will result into this event.

[PILOT] List Stacks

We use this event as pilot event to check if the connection between your account and our account is established or not. Kindly do not disable this event.



Certificate Manager

Delete Certificate

Amazon Certificate Manager Certificate is deleted along with its associated private key.

Request Certificate

ACM certificate is requested for use with other AWS serivces.

Resend Validation Email for domain ownership

An email is resent for domain ownership validation.



CloudTrail

Stop Cloud Trail Logging

CloudTrail has stopped log recording.



EC2

CIDR block association changes

A CIDR block is associated or disassociated with VPC or subnet

Changes to Key Pair

A new keypair has been created or deleted from the EC2

Changes to NAT Gateway

A NAT gateway has been created or deleted.

Changes to Network ACL

Creation or deletion of a network ACL

Changes to Network ACL Entry

Creation or deletion of a network ACL entry

Changes to Network Interface

Any change to Network interface like create, delete, attach or detach events.

Changes to VPC Route or Route Table

Creation or deletion of route or route table

Changes to VPN Gateway

VPN gateway is created, deleted, attached or detached.

Classic Link VPC changes

Classic Link VPC changes either by attaching it or detaching it.

Delete Customer Gateway

A customer gateway is deleted

Delete Dhcp Options

A set of DHCP Options have been deleted. This will have been preceed by a disassociation of those DHCP options.

EBS Volume Changes

EBS Volume is attached or detached.

EC2 instance start or stop

EC2 instance is started or stopped

EC2 instance termination

An instance has been terminated

IP Address Changes

An Elastic IP address is associated, disassociated with existing subnet.

Internet Gateway Changes

An internet gateway has been attached, detached, deleted.

New VPC created

New VPC is created

Route table association changes

A subnet is either associated or disassociated with route table

Run EC2 Instances

An Instance has been launched.

Security Group Egress Changes

An egress rule has been added or removed from a security group for use with a VPC.

Security Group Ingress Changes

An ingress rule has been added to a security group, permitting instances to receive traffic from certain CIDR adress ranges or from other instances associated with certain destination security groups. It also covers if an ingress rule has been removed from a security group.

Security Groups changes

Security Groups is created or deleted

VPC Classic Link Change

Enable or Disable VPC Classic Link

VPC Endpoint changes

VPC endpoint is created or deleted

VPC IAM Instance Profile Changes

An IAM instance profile is associated or disassociated with VPC

VPC Peering Connection Changes

A VPC peering is either requested or deleted

VPN Connection Changes

Either a VPN connection or connection route is created or deleted.



EFS

File System Change

New File system is created or deleted.

Modify Mount Target Security Groups

A set of security groups for a mount target have been modified.

Mount Target Change

Mount for the file system is created or deleted.



ElastiCache

Cache Ingress Security Group changes

Network ingress to cache security group is permitted or revoked.

Elastic Cache Security Group changes

An elastic cache security group is created or removed from the cluster.



ELB

Apply Security Groups To Load Balancer

A security group has been associated with a load balancer inside a VPC.

Changes to Listener

A new listener for Elastic load balaner is creted, or existing listener is deleted or updated.

Changes to Load Balancer

A new load balancer is created or an existing one is deleted.

Changes to Rule of a listerner of an ALB

A rule has been created for a listener that is associated with an Application Load Balancer, or an existing rule is updated or deleted.

Changes to Target Group

A target group associated with ELB has been created, modified or deleted.

Changes to Targets

A target has been deregistered or registered.

Create Load Balancer Policy

This applies to Classic Load Balancer. A policy has been created for Classic load balancer.

Deletion of Listeners

A listener has been deleted

Modify Load Balancer attributes

Attributes from either an Application Load Balancer or Network Load Balancer have been modified.

Modify Target Group Attributes

Attributes of a target group have been modified.

Security Group Association

A security group has been associated with a load balancer.

Tags are removed from ELB

Tags have been removed from an ELB resource.



IAM Signin

Console Login By Root

Root console login

Console Login without MFA

Console Login without MFA



IAM

Access Key Changes

A new AWS secret key and access key ID is created, deleted or modified (status is changed)

Account Alias Changes

For your AWS account, an Alias is created

Add Role To Instance Profile

An IAM role has been added to an instance profile.

Add User To Group

A user has been added to a group

Add or Remove ClientID To OpenID Connect Provider

A client ID has been registered or removed for an IAM OpenID Connect provider resource.

Change IAM Password

Changes to OpenId Connect Provider

Either IAM entity has been created or deleted. Or the list of server certificate thumbprints associated with an OpenID Connect provider has been replaced.

Create New Role

A new role for an AWS account has been created.

Delete Existing Role

A role has been deleted. The role will not have had any policies attached if it was able to be deleted.

Delete Policy Version

A version of a policy has been deleted.

Delete User Policy

An inline policy for an IAM user has been deleted.

Detach User Policy

A managed policy has been removed from a user.

Existing Policy deleted

An existing managed policy has been deleted for an AWS account.

Group Changes

Either a group is created, modified or deleted.

IAM user new password set

A new password has been created for a user to access AWS services through the management console.

IAM user password changed.

A password for an IAM user has been changed.

IAM user password deletion

A password for an IAM user has been deleted thus removing that user's ability to access services through the console.

Inline Policy Deleted From Role

An inline policy for an IAM role has been deleted.

Instance Profile Changes

Either an instance profile is created or an existing profile is deleted.

Managed Policy Added To Role

A managed policy has been added to an IAM role.

Managed Policy Removed From Role

A managed policy has been removed from a role.

Modify User Policy

A policy for an IAM user has been added or updated.

New Policy Created

A new managed policy has been created for an AWS account.

New Policy Version

A new version of a manged policy has been created.

Password Policy Deleted

A password policy for an account has been deleted.

Policy Attachment

A managed policy has changed to IAM group, role or user

Policy Updated For Role

A policy for an IAM role has been added or updated.

Remove Role From Instance Profile

An IAM role has been removed from an EC2 instance profile.

Remove User From Group

A user has been removed from an IAM group.

SAML Provider Changes

An IAM resource has been created, updated or deleted

SSH Key Changes

A SSH key is deleted, updated or uploaded

Server Certificate Changes

A Server certificate is deleted, updated or uploaded

Set Default Policy Version

A version of a policy has been set as a default. This can apply to users, groups and roles. To find specifics, use the ListEntitiesForPolicy API.

Signing Certificate Changes

A signing certificate is deleted, updated or uploaded

Update Account Password Policy

The password policy settings for an AWS account have been updated.

Update Assume Role Policy

The policy for an IAM entity that disctates its permission to assume a role has been updated.

User Changes

A new user is created, or existing user is deleted or modified.

Virtual MFA Device Changed

A virtual MFA is created, deactivated, deleted, enabled or resynced.



RDS

Changes to DB Cluster

A new Aurora DB cluster is created, an existing is deleted or modified.

Changes to DB Cluster Snapshots

A snapshot of a cluster is created or deleted.

Changes to DB Instance

A new DB instance is created or existing DB instance is deleted or updated.

Changes to DB Parameter Group

A new db parameter group is created or existing db group is reset, modified or updated

Changes to DB Security Group

A new DB security group has been created or deleted.

Changes to DB Security Group Ingress

Ingress for a DB Security Group has been enabled.

Changes to DB Subnet Group

If a new db subnet group is created or an existing is modified or deleted.

Changes to DB snapshot

A DB snapshot is created or deleted.

Changes to Db Cluster Parameter Group

A new DB cluster parameter is created or an existing one is updated or deleted.

Changes to Option Group

If a new option group is created or an existing is modified or deleted.

DB Instance is rebooted

DB instances is rebooted

Failover DB Cluster

Primary Db instance failed

Modify DB Snapshot Attribute

A manual DB snapshot's attribute has been modified.

Read Replica Promoted

A read replica instance became standalone instance

Read replica created of a DB instance

An instance has been created to act as a Read Replica for another instance. The source instance may have been running MySQL, MariaDB, Oracle or PostgreSQL.

Reset DB Cluster Parameter Group

A DB cluster parameter group had its parameters reset to its default values.

Restore DB Cluster From Snapshot

Restore DB Cluster From Snapshot

Restore DB Cluster To Point In Time

Restore DB Cluster To Point In Time

Restore DB Instance From DB Snapshot

Restore DB Instance From DB Snapshot

Restore DB Instance To Point In Time

Restore DB Instance To Point In Time

Revoke DB Security Group Ingress

Revoke DB Security Group Ingress



Route53

Change Resource Record Sets

A record set that contains DNS information for a domain or subdomain has been created, changed or deleted.

Create Resolver Endpoint

Create Resolver Endpoint

Delete Health Check

A health check for Route53 has been deleted.

Delete Hosted Zone

Delete Hosted Zone

Update Domain Contact

Update Domain Contact



S3

Delete existing bucket

An existing S3 bucket has been deleted

Existing Bucket Configuration Change

Configuration parameters like lifecycle, CORS, tagging etc on existing bucket is changed

New S3 bucket created

New S3 bucket is created

Permissions changed on S3 bucket

Permissions (ACL) on an existing bucket is changed



WAF

WAF Rule Changes

A new is created or deleted.

WAF various configuration changes

Changes to various configuration of WAF



KMS

Create Grant

A grant is added to customer master key (CMK)

Create Key

Decrypt

Delete Alias

Describe Key

Disable Key

Enable Key

Encrypt

Generate Data Key

Generate Data Key Without Plaintext

Get Key Policy

List Grants

ReEncrypt



Lambda

Create Alias for Function

An alias is created for a function

Create Function

Lambda function is created

Delete Function

Lambda function is deleted

EventSource Mapping Changes

EventSource mapping is either created, deleted or updated.

Permission Changes

Permission changes to Lambda function

Update Function Code

Function code is updated

Update Function Configuration

Function configuration is udpated