SecurityConfig / CloudWatchConfig / MetricSetConfig

Description

AWS CloudWatch Metric set configuration

Example

- regions:
    - us-east-1
  deploymentTargets:
    organizationalUnits:
      - Root
  metrics:
    - filterName: MetricFilter
      logGroupName: aws-controltower/CloudTrailLogs
      filterPattern: '{$.userIdentity.type="Root" && $.userIdentity.invokedBy NOT EXISTS && $.eventType !="AwsServiceEvent"}'
      metricNamespace: LogMetrics
      metricName: RootAccountUsage
      metricValue: "1"
      treatMissingData: notBreaching

Hierarchy

  • MetricSetConfig

Properties

deploymentTargets: DeploymentTargets = ...

Deployment targets for CloudWatch Metrics configuration

metrics: MetricConfig[] = []

AWS CloudWatch Metric list

The following example creates the metric filter RootAccountMetricFilter for the aws-controltower/CloudTrailLogs log group.

Example

metrics:
  # CIS 1.1: Avoid the use of the "root" account
  - filterName: RootAccountMetricFilter
    logGroupName: aws-controltower/CloudTrailLogs
    filterPattern: '{$.userIdentity.type="Root" && $.userIdentity.invokedBy NOT EXISTS && $.eventType !="AwsServiceEvent"}'
    metricNamespace: LogMetrics
    metricName: RootAccount
    metricValue: "1"
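
To see which CloudTrail records the filterPattern above counts, the following added Python example (not part of this reference or of the project it documents) evaluates the pattern offline against constructed events. The evaluator covers only the operators this pattern uses (`=`, `!=`, `NOT EXISTS`, joined by `&&`); the helper names, the sample events, and the handling of absent fields under `=`/`!=` are assumptions of the example.

```python
import re

# Filter pattern copied verbatim from the metrics example on this page.
ROOT_USAGE_PATTERN = ('{$.userIdentity.type="Root" && $.userIdentity.invokedBy NOT EXISTS '
                      '&& $.eventType !="AwsServiceEvent"}')
_MISSING = object()
_TERM = re.compile(r'^\$\.([\w.]+)\s*(?:(NOT EXISTS)|(!=|=)\s*"([^"]*)")$')

# Constructed sample events (not real CloudTrail output), trimmed to the fields the pattern reads.
SAMPLE_EVENTS = {
    "root_console_login": {"eventType": "AwsConsoleSignIn", "userIdentity": {"type": "Root"}},
    "root_via_service": {"eventType": "AwsApiCall",
                         "userIdentity": {"type": "Root", "invokedBy": "support.amazonaws.com"}},
    "service_event": {"eventType": "AwsServiceEvent", "userIdentity": {"type": "Root"}},
    "iam_user_call": {"eventType": "AwsApiCall", "userIdentity": {"type": "IAMUser"}},
}

def _lookup(event, path):
    """Walk a dotted selector such as userIdentity.type through nested dicts."""
    node = event
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return _MISSING
        node = node[key]
    return node

def matches(pattern, event):
    """Evaluate an &&-joined pattern that uses only =, != and NOT EXISTS on string fields."""
    for term in pattern.strip().strip("{}").split("&&"):
        m = _TERM.match(term.strip())
        if m is None:
            raise ValueError(f"unsupported term: {term!r}")
        path, not_exists, op, literal = m.groups()
        value = _lookup(event, path)
        if not_exists:
            ok = value is _MISSING
        elif value is _MISSING:
            ok = False  # assumption of this sketch: an absent field fails = and !=
        else:
            ok = (value == literal) == (op == "=")
        if not ok:
            return False
    return True

def flagged(events=SAMPLE_EVENTS, pattern=ROOT_USAGE_PATTERN):
    """Names of the events that would increment the metric by metricValue."""
    return sorted(name for name, ev in events.items() if matches(pattern, ev))

if __name__ == "__main__":
    print(flagged())
```

Only the direct root action is counted; root activity carried out by an AWS service on the account's behalf, service-generated events, and IAM user calls are excluded by the second, third, and first terms respectively.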
regions: undefined | ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-south-2" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ca-central-1" | "eu-central-1" | "eu-central-2" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "eu-north-1" | "eu-south-1" | "eu-south-2" | "me-central-1" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-west-1" | "us-west-2" | "cn-north-1" | "cn-northwest-1" | "us-gov-west-1" | "us-gov-east-1" | "us-iso-east-1" | "us-iso-west-1" | "us-isob-east-1" | "ap-southeast-4" | "il-central-1" | "ca-west-1")[] = undefined

(OPTIONAL) AWS region names to configure CloudWatch Metrics
