AWS CloudWatch Events In Use

Ensure CloudWatch Events is in use to help you respond to operational changes within your AWS resources.

Addresses: Security, Reliability, Operational Maturity

AWS Config Changes Alarm

Ensure AWS Config configuration changes are being monitored using CloudWatch alarms.

Addresses: Security

AWS Console Sign In Without MFA

Monitor for AWS Console Sign-In Requests Without MFA.

Addresses: Security

AWS Organizations Changes Alarm

Ensure Amazon Organizations changes are being monitored using AWS CloudWatch alarms.

Addresses: Security

Authorization Failures Alarm

Ensure any unauthorized API calls made within your AWS account are being monitored using CloudWatch alarms.

Addresses: Security

CMK Disabled or Scheduled for Deletion Alarm

Ensure AWS CMK configuration changes are being monitored using CloudWatch alarms.

Addresses: Security

CloudTrail Changes Alarm

Ensure all AWS CloudTrail configuration changes are being monitored using CloudWatch alarms.

Addresses: Security

Console Sign-in Failures Alarm

Ensure your AWS Console authentication process is being monitored using CloudWatch alarms.

Addresses: Security

EC2 Instance Changes Alarm

Ensure AWS EC2 instance changes are being monitored using CloudWatch alarms.

Addresses: Security

EC2 Large Instance Changes Alarm

Ensure AWS EC2 large instance changes are being monitored using CloudWatch alarms.

Addresses: Security

IAM Policy Changes Alarm

Ensure AWS IAM policy configuration changes are being monitored using CloudWatch alarms.

Addresses: Security

Internet Gateway Changes Alarm

Ensure AWS VPC Customer/Internet Gateway configuration changes are being monitored using CloudWatch alarms.

Addresses: Security

Network ACL Changes Alarm

Ensure AWS Network ACLs configuration changes are being monitored using CloudWatch alarms.

Addresses: Security

Root Account Usage Alarm

Ensure Root Account Usage is being monitored using CloudWatch alarms.

Addresses: Security

Route Table Changes Alarm

Ensure AWS Route Tables configuration changes are being monitored using CloudWatch alarms.

Addresses: Security

S3 Bucket Changes Alarm

Ensure AWS S3 Buckets configuration changes are being monitored using CloudWatch alarms.

Addresses: Security

Security Group Changes Alarm

Ensure AWS security groups configuration changes are being monitored using CloudWatch alarms.

Addresses: Security

VPC Changes Alarm

Ensure AWS VPCs configuration changes are being monitored using CloudWatch alarms.

Addresses: Security

Event Bus Exposed

Ensure that your AWS CloudWatch event bus is not exposed to everyone.

Addresses: Security

EventBus Cross Account Access

Ensure that AWS CloudWatch event buses do not allow unknown cross-account access for delivery of events.

Addresses: Security

Create CloudWatch Alarm for VPC Flow Logs Metric Filter

Ensure that a CloudWatch alarm is created for the VPC Flow Logs metric filter and an alarm action is configured.

Addresses: Security

Metric Filter for VPC Flow Logs CloudWatch Log Group

Ensure that a log metric filter for the CloudWatch group assigned to the VPC Flow Logs is created.

Addresses: Security

We suggest you use the checklist!

If you are not yet convinced to sign up with Cloudanix, that's not a problem. We recommend you use a comprehensive checklist which your team can use to perform a manual assessment of your workload.