Class MetricSetConfig

SecurityConfig / CloudWatchConfig / MetricSetConfig

AWS CloudWatch Metric set configuration

Example

- regions:
    - us-east-1
  deploymentTargets:
    organizationalUnits:
      - Root
  metrics:
    - filterName: MetricFilter
      logGroupName: aws-controltower/CloudTrailLogs
      filterPattern: '{$.userIdentity.type="Root" && $.userIdentity.invokedBy NOT EXISTS && $.eventType !="AwsServiceEvent"}'
      metricNamespace: LogMetrics
      metricName: RootAccountUsage
      metricValue: "1"
      treatMissingData: notBreaching

Hierarchy

  • MetricSetConfig

Implements

Constructors

constructor

Properties

deploymentTargets metrics regions

Constructors

constructor

Properties

Readonly deploymentTargets

deploymentTargets: DeploymentTargets = ...

Deployment targets for CloudWatch Metrics configuration

Readonly metrics

metrics: MetricConfig[] = []

AWS CloudWatch Metric list

Following example will create metric filter RootAccountMetricFilter for aws-controltower/CloudTrailLogs log group

Example

metrics:
        # CIS 1.1Avoid the use of the "root" account
        - filterName: RootAccountMetricFilter
          logGroupName: aws-controltower/CloudTrailLogs
          filterPattern: '{$.userIdentity.type="Root" && $.userIdentity.invokedBy NOT EXISTS && $.eventType !="AwsServiceEvent"}'
          metricNamespace: LogMetrics
          metricName: RootAccount
          metricValue: "1"

Readonly regions

regions: undefined | string[] = undefined

(OPTIONAL) AWS region names to configure CloudWatch Metrics

Settings

Member Visibility

Theme

Generated using TypeDoc