Readonly
deploymentDeployment targets for CloudWatch Metrics configuration
Readonly
metricsAWS CloudWatch Metric list
Following example will create metric filter RootAccountMetricFilter for aws-controltower/CloudTrailLogs log group
metrics:
# CIS 1.1 – Avoid the use of the "root" account
- filterName: RootAccountMetricFilter
logGroupName: aws-controltower/CloudTrailLogs
filterPattern: '{$.userIdentity.type="Root" && $.userIdentity.invokedBy NOT EXISTS && $.eventType !="AwsServiceEvent"}'
metricNamespace: LogMetrics
metricName: RootAccount
metricValue: "1"
Readonly
regions(OPTIONAL) AWS region names to configure CloudWatch Metrics
Generated using TypeDoc
SecurityConfig / CloudWatchConfig / MetricSetConfig
AWS CloudWatch Metric set configuration
Example