Readonly alarmList
AWS CloudWatch Alarms configuration.
The following example creates a CIS-1.1-RootAccountUsage alarm on the RootAccountUsage metric with notification level low:
alarms:
  # CIS 1.1 – Avoid the use of the "root" account
  - alarmName: CIS-1.1-RootAccountUsage
    alarmDescription: Alarm for usage of "root" account
    snsAlertLevel: Low # Deprecated
    snsTopicName: Alarms
    metricName: RootAccountUsage
    namespace: LogMetrics
    comparisonOperator: GreaterThanOrEqualToThreshold
    evaluationPeriods: 1
    period: 300
    statistic: Sum
    threshold: 1
    treatMissingData: notBreaching
Readonly metricList
AWS CloudWatch Metrics configuration.
The following example creates the metric filter RootAccountMetricFilter on the aws-controltower/CloudTrailLogs log group:
metrics:
  # CIS 1.1 – Avoid the use of the "root" account
  - filterName: RootAccountMetricFilter
    logGroupName: aws-controltower/CloudTrailLogs
    filterPattern: '{$.userIdentity.type="Root" && $.userIdentity.invokedBy NOT EXISTS && $.eventType !="AwsServiceEvent"}'
    metricNamespace: LogMetrics
    metricName: RootAccount
    metricValue: "1"
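The metric filter and the alarm above only work as a detection when read together: the filter turns each matching CloudTrail event into a datapoint of value 1, and the alarm sums those datapoints over 300-second periods and fires when a period's sum reaches 1. The Python below is an added example, not part of this documentation or of the project's code; it re-implements that chain in simplified form against constructed CloudTrail events so you can see which events count and which are excluded by the `invokedBy NOT EXISTS` and `eventType != "AwsServiceEvent"` clauses. The filter and alarm semantics are a hand-written approximation of CloudWatch's behaviour (it assumes every event carries an `eventType`), and the event JSON is constructed for illustration. One practical check the example does not make for you: the alarm's `namespace`/`metricName` must match the filter's `metricNamespace`/`metricName` exactly, otherwise the alarm receives no data and, with `treatMissingData: notBreaching`, sits quietly in OK.

```python
"""Added example: CIS 1.1 root-account metric filter + alarm logic, simplified.

Not the AWS CloudWatch engine; a hand-written approximation of the filter pattern
  {$.userIdentity.type="Root" && $.userIdentity.invokedBy NOT EXISTS && $.eventType !="AwsServiceEvent"}
and of the alarm (Sum, period 300, GreaterThanOrEqualToThreshold 1, notBreaching).
"""
import json
from datetime import datetime, timezone
from typing import Dict, Iterable, List

PERIOD = 300            # seconds, from `period: 300`
THRESHOLD = 1           # from `threshold: 1`
EVALUATION_PERIODS = 1  # from `evaluationPeriods: 1`

# Constructed sample CloudTrail events (not real log data). Account ids are placeholders.
_SAMPLE_EVENTS = [
    # Interactive root console sign-in: counts.
    {"eventTime": "2024-05-01T10:01:00Z", "eventType": "AwsConsoleSignIn", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "Root", "accountId": "111111111111"}},
    # Root credentials used on behalf of a service (invokedBy present): excluded by the filter.
    {"eventTime": "2024-05-01T10:02:00Z", "eventType": "AwsApiCall", "eventName": "PutObject",
     "userIdentity": {"type": "Root", "accountId": "111111111111", "invokedBy": "cloudtrail.amazonaws.com"}},
    # Service-generated event attributed to root: excluded by the eventType clause.
    {"eventTime": "2024-05-01T10:03:00Z", "eventType": "AwsServiceEvent", "eventName": "RotateSecret",
     "userIdentity": {"type": "Root", "accountId": "111111111111"}},
    # Ordinary IAM user: not root, no match.
    {"eventTime": "2024-05-01T10:04:00Z", "eventType": "AwsApiCall", "eventName": "ListBuckets",
     "userIdentity": {"type": "IAMUser", "userName": "alice", "accountId": "111111111111"}},
    # Two root API calls in the next 5-minute period: both count.
    {"eventTime": "2024-05-01T10:07:00Z", "eventType": "AwsApiCall", "eventName": "CreateUser",
     "userIdentity": {"type": "Root", "accountId": "111111111111"}},
    {"eventTime": "2024-05-01T10:08:30Z", "eventType": "AwsApiCall", "eventName": "CreateAccessKey",
     "userIdentity": {"type": "Root", "accountId": "111111111111"}},
]
SAMPLE_LOG_LINES: List[str] = [json.dumps(e) for e in _SAMPLE_EVENTS]


def _epoch(event_time: str) -> int:
    """CloudTrail eventTime is ISO 8601 in UTC, e.g. 2024-05-01T10:00:00Z."""
    dt = datetime.strptime(event_time, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return int(dt.timestamp())


def matches_root_usage_filter(event: dict) -> bool:
    """Approximation of the filterPattern: root identity, not service-invoked, not a service event."""
    identity = event.get("userIdentity") or {}
    return (
        identity.get("type") == "Root"
        and "invokedBy" not in identity               # $.userIdentity.invokedBy NOT EXISTS
        and event.get("eventType") != "AwsServiceEvent"
    )


def root_usage_datapoints(log_lines: Iterable[str], period: int = PERIOD) -> Dict[int, int]:
    """Apply the filter to each JSON log line and Sum the metricValue "1" datapoints per period.

    Returns {period_start_epoch: sum}. Periods with no matching event are absent, which is
    what the alarm sees as "missing data"."""
    sums: Dict[int, int] = {}
    for line in log_lines:
        event = json.loads(line)
        if matches_root_usage_filter(event):
            bucket = _epoch(event["eventTime"]) // period * period
            sums[bucket] = sums.get(bucket, 0) + 1
    return sums


def alarm_state(sums: Dict[int, int], bucket: int, threshold: int = THRESHOLD,
                evaluation_periods: int = EVALUATION_PERIODS, period: int = PERIOD) -> str:
    """Alarm state after the period starting at `bucket`.

    ALARM only if each of the last `evaluation_periods` periods breaches (CloudWatch's default
    datapointsToAlarm == evaluationPeriods). A period with no datapoint is "missing data" and,
    per treatMissingData: notBreaching, is treated as not breaching."""
    for i in range(evaluation_periods):
        value = sums.get(bucket - i * period)
        if value is None or not value >= threshold:   # GreaterThanOrEqualToThreshold
            return "OK"
    return "ALARM"


if __name__ == "__main__":
    points = root_usage_datapoints(SAMPLE_LOG_LINES)
    for start in sorted(points):
        print(datetime.fromtimestamp(start, tz=timezone.utc).isoformat(), points[start], alarm_state(points, start))
```

Running the block shows one datapoint in the 10:00 period (the console login) and two in the 10:05 period (the two root API calls); the service-invoked, service-event and IAM-user events never reach the metric, which is exactly the behaviour the CIS 1.1 pattern is meant to have.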
SecurityConfig / CloudWatchConfig
AWS CloudWatch configuration