SecurityConfig / CloudWatchConfig / MetricSetConfig

AWS CloudWatch Metric set configuration

Example

- regions:
    - us-east-1
  deploymentTargets:
    organizationalUnits:
      - Root
  metrics:
    - filterName: MetricFilter
      logGroupName: aws-controltower/CloudTrailLogs
      filterPattern: '{$.userIdentity.type="Root" && $.userIdentity.invokedBy NOT EXISTS && $.eventType !="AwsServiceEvent"}'
      metricNamespace: LogMetrics
      metricName: RootAccountUsage
      metricValue: "1"
      treatMissingData: notBreaching
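
The filterPattern above combines three conditions on each CloudTrail record. The following Python sketch is an added example, not part of the project's code: it restates those conditions and runs them over constructed sample records to show which events would increment the metric. The function names, the sample records and the service name in invokedBy are assumptions made for illustration.

```python
import json

# Constructed CloudTrail-style records (not real log data), one JSON object per line.
SAMPLE_LOG = """\
{"eventName": "ConsoleLogin", "eventType": "AwsConsoleSignIn", "userIdentity": {"type": "Root"}}
{"eventName": "CreateAccessKey", "eventType": "AwsApiCall", "userIdentity": {"type": "Root"}}
{"eventName": "Decrypt", "eventType": "AwsApiCall", "userIdentity": {"type": "Root", "invokedBy": "example-service.amazonaws.com"}}
{"eventName": "ExampleServiceEvent", "eventType": "AwsServiceEvent", "userIdentity": {"type": "Root"}}
{"eventName": "ListBuckets", "eventType": "AwsApiCall", "userIdentity": {"type": "IAMUser", "userName": "alice"}}
"""


def is_root_account_usage(event):
    """Python restatement of the three conditions in the filterPattern.

    Every sample record carries eventType; a record without that field is
    outside what this sketch models.
    """
    identity = event.get("userIdentity") or {}
    return (
        identity.get("type") == "Root"                    # $.userIdentity.type="Root"
        and "invokedBy" not in identity                   # $.userIdentity.invokedBy NOT EXISTS
        and event.get("eventType") != "AwsServiceEvent"   # $.eventType !="AwsServiceEvent"
    )


def matching_event_names(log_text):
    """Return the eventName of every record the filter would count."""
    names = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        if is_root_account_usage(event):
            names.append(event["eventName"])
    return names


def metric_total(log_text, metric_value=1):
    """Each matching record publishes metricValue ("1" in the configuration)."""
    return metric_value * len(matching_event_names(log_text))


if __name__ == "__main__":
    print(matching_event_names(SAMPLE_LOG))  # direct root activity only
    print(metric_total(SAMPLE_LOG))
```

Only the two records where the root identity acted directly are counted; the service-invoked call, the service event and the IAM user call are excluded.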

Hierarchy

  • MetricSetConfig

Properties

deploymentTargets: DeploymentTargets = ...

Deployment targets for CloudWatch Metrics configuration

metrics: MetricConfig[] = []

AWS CloudWatch Metric list

The following example creates the metric filter RootAccountMetricFilter for the aws-controltower/CloudTrailLogs log group.

Example

metrics:
  # CIS 1.1 Avoid the use of the "root" account
  - filterName: RootAccountMetricFilter
    logGroupName: aws-controltower/CloudTrailLogs
    filterPattern: '{$.userIdentity.type="Root" && $.userIdentity.invokedBy NOT EXISTS && $.eventType !="AwsServiceEvent"}'
    metricNamespace: LogMetrics
    metricName: RootAccount
    metricValue: "1"

regions: undefined | string[] = undefined

(OPTIONAL) AWS region names to configure CloudWatch Metrics
