AWS CloudWatch Audit

Audit your CloudWatch

What do we do?

AWS CloudWatch Events In Use

Ensure CloudWatch Events is in use to help you respond to operational changes within your AWS resources.

AWS Config Changes Alarm

Ensure AWS Config configuration changes are being monitored using CloudWatch alarms.

AWS Console Sign In Without MFA

Monitor for AWS Console sign-in requests without MFA.

AWS Organizations Changes Alarm

Ensure AWS Organizations changes are being monitored using AWS CloudWatch alarms.

Authorization Failures Alarm

Ensure any unauthorized API calls made within your AWS account are being monitored using CloudWatch alarms.

CMK Disabled or Scheduled for Deletion Alarm

Ensure AWS CMK configuration changes are being monitored using CloudWatch alarms.

CloudTrail Changes Alarm

Ensure all AWS CloudTrail configuration changes are being monitored using CloudWatch alarms.

Console Sign-in Failures Alarm

Ensure your AWS Console authentication process is being monitored using CloudWatch alarms.

EC2 Instance Changes Alarm

Ensure AWS EC2 instance changes are being monitored using CloudWatch alarms.

EC2 Large Instance Changes Alarm

Ensure AWS EC2 large instance changes are being monitored using CloudWatch alarms.

IAM Policy Changes Alarm

Ensure AWS IAM policy configuration changes are being monitored using CloudWatch alarms.

Internet Gateway Changes Alarm

Ensure AWS VPC Customer/Internet Gateway configuration changes are being monitored using CloudWatch alarms.

Network ACL Changes Alarm

Ensure AWS Network ACL configuration changes are being monitored using CloudWatch alarms.

Root Account Usage Alarm

Ensure Root Account Usage is being monitored using CloudWatch alarms.

Route Table Changes Alarm

Ensure AWS route table configuration changes are being monitored using CloudWatch alarms.

S3 Bucket Changes Alarm

Ensure AWS S3 bucket configuration changes are being monitored using CloudWatch alarms.

Security Group Changes Alarm

Ensure AWS security group configuration changes are being monitored using CloudWatch alarms.

VPC Changes Alarm

Ensure AWS VPC configuration changes are being monitored using CloudWatch alarms.

Event Bus Exposed

Ensure that your AWS CloudWatch event bus is not exposed to everyone.

EventBus Cross Account Access

Ensure that AWS CloudWatch event buses do not allow unknown cross-account access for delivery of events.

Create CloudWatch Alarm for VPC Flow Logs Metric Filter

Ensure that a CloudWatch alarm is created for the VPC Flow Logs metric filter and an alarm action is configured.

Metric Filter for VPC Flow Logs CloudWatch Log Group

Ensure that a log metric filter is created for the CloudWatch log group assigned to the VPC Flow Logs.

