alarmList (readonly): AWS CloudWatch Alarms configuration
The following example creates the CIS-1.1-RootAccountUsage alarm on the RootAccountUsage metric in the LogMetrics namespace and routes notifications to the Alarms SNS topic (the snsAlertLevel value Low is deprecated; use snsTopicName). Note that an alarm's metricName and namespace must match the metricName and metricNamespace of a metric filter in metricList: if no filter publishes that metric, CloudWatch never receives a data point for it, and with treatMissingData: notBreaching the alarm stays in OK instead of firing.
```yaml
alarms:
  # CIS 1.1 – Avoid the use of the "root" account
  - alarmName: CIS-1.1-RootAccountUsage
    alarmDescription: Alarm for usage of "root" account
    snsAlertLevel: Low # Deprecated: use snsTopicName instead
    snsTopicName: Alarms
    metricName: RootAccountUsage
    namespace: LogMetrics
    comparisonOperator: GreaterThanOrEqualToThreshold
    evaluationPeriods: 1
    period: 300
    statistic: Sum
    threshold: 1
    treatMissingData: notBreaching
```
logGroups (readonly, optional): List of CloudWatch Logs log group configurations
The following example deploys two log groups to different deployment targets: Log1 to the Production account, termination protected and encrypted with the LZA-managed KMS key, and Log2 to the Infrastructure organization target, with neither termination protection nor an encryption block.
```yaml
logGroups:
  - logGroupName: Log1
    terminationProtected: true
    encryption:
      useLzaManagedKey: true
    deploymentTarget:
      account: Production
  - logGroupName: Log2
    terminationProtected: false
    deploymentTarget:
      organization: Infrastructure
```
metricList (readonly): AWS CloudWatch Metrics configuration
The following example creates the metric filter RootAccountMetricFilter on the aws-controltower/CloudTrailLogs log group. The pattern matches CloudTrail records where the caller is the root user (userIdentity.type is Root) while excluding actions a service performed on root's behalf (userIdentity.invokedBy present) and service-generated events (eventType is AwsServiceEvent); each matching record publishes the value 1 to the RootAccount metric in the LogMetrics namespace.
```yaml
metrics:
  # CIS 1.1 – Avoid the use of the "root" account
  - filterName: RootAccountMetricFilter
    logGroupName: aws-controltower/CloudTrailLogs
    filterPattern: '{$.userIdentity.type="Root" && $.userIdentity.invokedBy NOT EXISTS && $.eventType !="AwsServiceEvent"}'
    metricNamespace: LogMetrics
    metricName: RootAccount
    metricValue: "1"
```
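To see what the metricList filter above actually selects, and how it feeds the alarm in the alarmList example, here is an added Python example that is not code from the LZA project. It evaluates the page's filter pattern over constructed CloudTrail records, sums the published metric value as the Sum statistic would over one period, and then evaluates the alarm against the filters. The pattern evaluator is a deliberately small approximation of the CloudWatch Logs JSON filter syntax: it supports only the AND-ed `=`, `!=`, `EXISTS` and `NOT EXISTS` terms the page's pattern uses, and its treatment of `!=` on a missing field is an assumption (CloudTrail records always carry eventType, so the sample records never hit it). The sample records, the config dicts and the FIXED_ALARM variant are constructed for the example.

```python
"""Added example (not LZA code): evaluate the page's CIS 1.1 filter pattern over
constructed CloudTrail records and check which alarm it would actually drive."""
import re

# Filter pattern copied verbatim from the metricList example on this page.
ROOT_FILTER_PATTERN = (
    '{$.userIdentity.type="Root" && $.userIdentity.invokedBy NOT EXISTS'
    ' && $.eventType !="AwsServiceEvent"}'
)

_MISSING = object()
# One term: $.dotted.selector <op> ["value"]; '!=' must precede '=' in the alternation.
_TERM = re.compile(r'\$\.([\w.]+)\s*(!=|=|NOT EXISTS|EXISTS)\s*(?:"([^"]*)")?')


def parse_pattern(pattern):
    """Split a '{ term && term ... }' pattern into (selector, op, value) tuples.
    Only the conjunctive subset used on this page is supported (assumption)."""
    body = pattern.strip()
    if not (body.startswith("{") and body.endswith("}")):
        raise ValueError("only JSON-style {...} patterns are supported")
    terms = []
    for raw in body[1:-1].split("&&"):
        m = _TERM.fullmatch(raw.strip())
        if m is None:
            raise ValueError(f"unsupported term: {raw.strip()!r}")
        terms.append((m.group(1), m.group(2), m.group(3)))
    return terms


def _lookup(record, selector):
    """Walk a dotted selector such as userIdentity.type through nested dicts."""
    node = record
    for key in selector.split("."):
        if not isinstance(node, dict) or key not in node:
            return _MISSING
        node = node[key]
    return node


def matches(pattern, record):
    """True when every term holds (terms are AND-ed, as in the page's pattern)."""
    for selector, op, value in parse_pattern(pattern):
        actual = _lookup(record, selector)
        if op == "EXISTS":
            ok = actual is not _MISSING
        elif op == "NOT EXISTS":
            ok = actual is _MISSING
        elif op == "=":
            ok = actual is not _MISSING and str(actual) == value
        else:  # "!=": assumption: a missing field does not satisfy the comparison
            ok = actual is not _MISSING and str(actual) != value
        if not ok:
            return False
    return True


# Constructed CloudTrail records, trimmed to the fields the pattern inspects.
SAMPLE_RECORDS = [
    {"eventName": "ConsoleLogin", "eventType": "AwsConsoleSignIn",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"}},
    {"eventName": "DescribeConfigurationRecorders", "eventType": "AwsApiCall",
     "userIdentity": {"type": "Root", "invokedBy": "config.amazonaws.com"}},
    {"eventName": "CreateTrail", "eventType": "AwsServiceEvent",
     "userIdentity": {"type": "Root"}},
    {"eventName": "ListBuckets", "eventType": "AwsApiCall",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
]

# The page's metric filter and alarm as dicts (same values as the YAML above).
METRIC_FILTERS = [{
    "filterName": "RootAccountMetricFilter",
    "logGroupName": "aws-controltower/CloudTrailLogs",
    "filterPattern": ROOT_FILTER_PATTERN,
    "metricNamespace": "LogMetrics", "metricName": "RootAccount", "metricValue": "1",
}]
PAGE_ALARM = {
    "alarmName": "CIS-1.1-RootAccountUsage", "metricName": "RootAccountUsage",
    "namespace": "LogMetrics", "comparisonOperator": "GreaterThanOrEqualToThreshold",
    "threshold": 1, "treatMissingData": "notBreaching",
}
# Constructed variant: the same alarm pointed at the metric the filter publishes.
FIXED_ALARM = dict(PAGE_ALARM, metricName="RootAccount")


def metric_sum(pattern, records, metric_value="1"):
    """Sum statistic for one period: metricValue is published per matching record."""
    return sum(int(metric_value) for r in records if matches(pattern, r))


def alarm_state(alarm, metric_filters, records):
    """Evaluate a GreaterThanOrEqualToThreshold alarm against the filters' output."""
    published = {(f["metricNamespace"], f["metricName"]): f for f in metric_filters}
    flt = published.get((alarm["namespace"], alarm["metricName"]))
    if flt is None:  # no filter feeds this metric, so CloudWatch sees no data points
        missing = alarm["treatMissingData"]
        return {"notBreaching": "OK", "breaching": "ALARM"}.get(missing, "INSUFFICIENT_DATA")
    value = metric_sum(flt["filterPattern"], records, flt["metricValue"])
    return "ALARM" if value >= alarm["threshold"] else "OK"
```

Running `alarm_state(PAGE_ALARM, METRIC_FILTERS, SAMPLE_RECORDS)` returns "OK" even though the root console login matched the filter, because the page's alarm watches RootAccountUsage while the filter publishes RootAccount; FIXED_ALARM, which references RootAccount, returns "ALARM". The same check is worth running against a real LZA security-config.yaml before deployment.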
SecurityConfig / CloudWatchConfig
Description
AWS CloudWatch configuration
Example